How likely do you think you are to be the victim of a costly data breach? Possibly? Not very likely? If you’re an average American, the answer is “extremely likely,” especially if you don’t use strong passwords across all your online accounts. According to a recent study conducted by the Pew Research Center, 64 percent of Americans have experienced a major data breach, and 41 percent of those breaches resulted in fraudulent charges being made on credit cards.
So how can you protect yourself? Your first line of defense is to create strong, secure passwords, and these simple steps can help you do just that.
1. Go Long
Most websites will only require you to come up with a password that’s 8 or 9 characters long, but according to cyber security experts, that’s not enough, not by a long shot. Believe it or not, new guidelines from the National Institute of Standards and Technology (NIST) recommend that sites allow users to create passwords that are up to 64 characters long.
Richard Cassidy, technical director of cyber security company Alert Logic, explained to the Guardian that a 14-character password could take a hacker up to 811 trillion guesses to crack, while a basic, 8-character password can be cracked in a matter of hours. Of course, a password does you no good if you can’t remember it, so you may find yourself wondering how you could possibly craft one that’s both long and easy to remember. The answer to that leads into our second point…
2. Use an Obscure Phrase, Not a Word
Unless you want to go with “Supercalifragilisticexpialidocious,” it would be pretty hard to come up with one word that is long enough to meet some of the new password guidelines. The answer instead is to make your password a phrase that you can easily remember. What is your favorite movie line? The first line from your favorite book? A saying in another language that your grandmother used to use?
Using a phrase can be a great way to create a longer, stronger password; you just want to make sure you’re using a phrase that no one else can guess. The first line of “Moby Dick” or “Harry Potter and the Sorcerer’s Stone” may not be great options since they are popular books that many people enjoy. Think of something more obscure that is particularly special to you, such as a random line from one of your favorite songs by an obscure artist. Now, if a website won’t let you use an entire phrase for a password because it has too many characters, try turning the phrase into a word. For example, “The cow jumped over the moon!” can be “TcJOtm!” This also helps you avoid the risk of using a phrase that can be easily guessed.
3. Always Mix Things Up
No matter what you choose as a password, you want to avoid using just letters and numbers. A strong password will have a mix of upper and lowercase letters, numbers, and other unique characters such as question marks and exclamation points. Most websites will require your password to have a mix of letters, numbers, and characters, but even if it’s not a requirement you should still do so.
4. Never Use The Same Password Twice
One of the most common pieces of advice given by cyber security experts is to never use the same password for multiple sites. While this may be common advice, that doesn’t mean people follow it. A survey from Keeper Security found that more than 80 percent of respondents age 18 or older use the same password across multiple platforms.
Imagine if you took out all the money you had in the bank and kept it in one briefcase. If you lose that briefcase, you lose all of your money and are left with nothing. While this may sound dramatic, using one password for all of your accounts is the same idea. If a hacker figures out the password to one account, they can access them all, and you’re left completely vulnerable. This is why it’s so important to use unique passwords across all of the websites you access regularly. If you find you have trouble remembering multiple passwords, you can use variations of the same word or phrase across different platforms, as long as you make significant changes. Or, to make things even simpler (and more secure) you can also follow the next tip.
5. Use a Secure Password Manager
Last year, The Guardian asked their tech reporters how they create secure passwords. Nearly all of them said that they use password managers to give them an added sense of safety and security. Password managers encrypt and save your passwords and will automatically enter them into any website that calls for them.
This way, you never have to worry about remembering all your different passwords; your password manager will do it for you. This opens the door for you to get as complex and creative as you want when coming up with your password, so you can feel free to really go for it and try to craft one that hits that 64-character recommendation from NIST. This also allows you to avoid having to physically enter your password every time you are prompted to do it, so if you’re working in a cramped public area like a cafe or busy library, no one sitting near you will be able to get a view of your password.
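The checks behind tips 1, 3 and 4 can be run over the entries a password manager holds. The following Python is an added example, not part of the original article; the 14-character floor, the 0.8 similarity limit used to judge a "significant change," and the sample vault are assumptions made here.

```python
import string
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 14          # assumption: the article's 14-character figure used as a floor
SIMILARITY_LIMIT = 0.8   # assumption: at or above this, a variation is not a significant change

def char_classes_missing(password):
    """Return the character classes from tip 3 that the password lacks."""
    checks = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]

def audit(vault):
    """vault maps site -> password. Returns site -> list of findings.
    Findings name sites only and never contain a password."""
    findings = {site: [] for site in vault}
    for site, pw in vault.items():
        if len(pw) < MIN_LENGTH:                      # tip 1: go long
            findings[site].append(f"too short ({len(pw)} < {MIN_LENGTH})")
        missing = char_classes_missing(pw)            # tip 3: mix things up
        if missing:
            findings[site].append("missing " + ", ".join(missing))
    # tip 4: compare every pair of accounts for exact reuse or a weak variation
    for (site_a, pw_a), (site_b, pw_b) in combinations(vault.items(), 2):
        if pw_a == pw_b:
            label = "reused on"
        elif SequenceMatcher(None, pw_a.lower(), pw_b.lower()).ratio() >= SIMILARITY_LIMIT:
            label = "near-duplicate of"
        else:
            continue
        findings[site_a].append(f"{label} {site_b}")
        findings[site_b].append(f"{label} {site_a}")
    return findings

# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {
    "bank.example": "TcJOtm!",
    "mail.example": "Gr4ndma-says-eat-your-soup!",
    "shop.example": "Gr4ndma-says-eat-your-soup!",
    "forum.example": "Gr4ndma-says-eat-your-soup?1",
    "photos.example": "the quiet heron waits at dusk",
}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT).items():
        print(site, "->", issues or "ok")
```

In the sample, changing the last character of a phrase still counts as a near-duplicate, which is the kind of variation that does not amount to a significant change between sites.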
The bottom line is – don’t be average. Go above and beyond what the average American is doing to protect themselves from hackers.
Keeping your data secure can be complicated, but creating a strong password is simple. Use these tips the next time you are prompted to craft a new password, and you’ll go a long way toward protecting yourself online.