How to Create a Strong Password
What you'll learn: How to set a secure password, manage multiple passwords, and protect your data online.
You’re creating a new account online, when you’re prompted to add a password. Do you enter the same password you use for every account? Maybe substitute a number for a letter somewhere? Jot down your pet’s name on a scrap of paper, possibly with the year you were born?
Any of these common methods of password management is setting you up for either getting locked out of your account or losing your account to hackers. There’s a better way and it’s actually pretty easy.

Why Password Protection Matters
The average American shares a lot of personal information online. Besides the information shared on social media and networking sites:
- Over three-quarters of the country's consumers have shopped for items on the web, sharing sensitive credit or checking account data to complete their transactions.
- 3 in 5 Americans have used online medical records or patient portals to communicate with doctors or hospitals, sharing personal medical information.
- 68.1% of U.S. companies use online recruiting platforms for most of their hiring, and 30% of U.S. adults rely on LinkedIn for professional networking, compelling Americans to share personal contact information and work history.
Even if you’re security-conscious and try to avoid putting your personal information online, odds are good that some of your info is out there. Passwords are the first line of security guarding that information, so it’s important to choose passwords carefully and safeguard them effectively.
What Makes a Good Password?
Creating a strong password isn’t as hard as you think it will be. One way to create strong passwords that you’ll remember is to come up with a unique method for creating passwords based on the information here, and then use that method each time you need to make one. Strong passwords should be:
- Long
- Non-personal and random
- Unique
- Updated regularly
Long
Most passwords are required to be at least 8 characters, 10 characters, or 12 characters. The most secure password includes a mix of 12 or more characters. The more characters in a password, the more combinations required to brute force it. Using different types of characters helps increase the security of your password. Your password should always include:
- Uppercase letters
- Lowercase letters
- Numbers
- Special characters (the ones above the numbers on your keyboard)
Non-personal and Random
Yes, you’ll easily remember Fluffy’s name and your birthday — but those are also pieces of information data thieves can easily find about you online. So are the names of family members, parts of your address or past addresses, and facts often posted on social media profiles such as your hometown, where you went to high school, or your favorite band.
Your password will be much stronger if it doesn’t contain personal information about you, especially information that you commonly make public.
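The checks from the "Long" and "Non-personal and Random" sections can be expressed as a small audit routine. This is an added example, not code from the original article; the function names, the use of Python's `string.punctuation` as the "special characters" set, and the sample personal terms are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 12  # the article's "12 or more characters"

# Character classes the article says a password should always include.
# Assumption: string.punctuation stands in for "special characters".
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,
}

def audit_password(password, personal_terms=()):
    """Return the list of problems found against the article's criteria."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    lowered = password.lower()
    for term in personal_terms:
        # Case-insensitive match: "fluffy" and "FLUFFY" are equally guessable.
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems

def search_space_bits(password):
    """log2 of the combinations a brute-force search must cover.

    Upper bound only: it assumes every character was picked at random
    from the classes in use, which is not true of names or dates.
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # Constructed samples: a pet name plus birth year, and the article's example.
    for pw, terms in [("Fluffy1985", ["Fluffy", "1985"]), ("j&jwUth2fAp0w", [])]:
        print(pw, audit_password(pw, terms), f"{search_space_bits(pw):.1f} bits")
```

The bit count only measures the size of an exhaustive search; a password that fails the personal-term check can be guessed far sooner than that figure suggests.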
Unique
The average adult potentially must remember hundreds of passwords, so it’s understandably tempting to reuse them. Unfortunately, that makes you incredibly vulnerable.
Some people like to follow a pattern when creating passwords that helps them remember each one with a little variation. While this seems like a good way to keep track of passwords, it makes it easy for data thieves to crack all of your accounts once they get their hands on a single password.
Updated Regularly
You should change the passwords on your most important accounts every few months. While changing passwords is a pain, it ensures that your account stays secure even if your login credentials have been compromised. This is a good idea for accounts related to:
- Medical information
- Financial or retirement information
- Health insurance or government benefits
Tips for Managing Passwords
Remembering all your passwords can be a challenge, but that doesn’t mean you have to resort to writing them on a crumpled sticky note and hiding it under your keyboard. Here are some better ways to manage your passwords.
Password Managers
A password manager is a tool that helps you create, save, and enter secure passwords across different platforms. These tools can save hundreds of passwords, even enabling you to share some passwords with family (such as login credentials for shared subscriptions or streaming services) while keeping others (like your checking account information) private.
The best password managers will actually generate new, unique passwords when you create new online accounts. You can tweak these passwords to suit your needs by lengthening them, adding symbols, or selecting to use both lowercase and capital letters. They may also alert you if your existing passwords are weak or compromised.
One downside to password managers is that they do come with a subscription cost. However, many people find they’re worth the price because of the convenience and peace of mind they offer.
If you decide to invest in a password manager, choose one that works on your computer and smartphone. Be sure to opt into multi-factor authentication, and use our tips for strong passwords when you set your master password.
Passwords vs. Passphrases
The most secure password isn’t a word at all — it’s a passphrase. Any word from a dictionary is searchable and crackable by hackers using computers to brute force passwords. In contrast, a passphrase makes your password appear random while it’s actually easy to remember.
A good passphrase could represent a line from your favorite song, a quote from a movie or book, or a funny saying in your family. Take the first letter from each word, substitute a few numbers and special characters for letters, and you have a new strong password that’s difficult to guess but easy to recall.
Passphrase example: Jack and Jill went up the hill to fetch a pail of water = j&jwUth2fAp0w
Here, the number 2 replaces “to”, “0” (zero) replaces the letter “o”, “&” replaces “and”, and all vowels are capitalized while consonants remain lowercase. This creates a lengthy password to stop data thieves in their tracks.
Because you only use the first letter of each word of your passphrase, passphrases are a good choice even when password length is restricted. Remembering your passphrase could be as easy as humming the chorus of your favorite song. You can literally sing your way to stronger password security.
Are Strong Passwords Enough to Protect My Data?
Passwords are surprisingly vulnerable.
Theoretically, any password can be hacked with enough time and computing power. A “brute force attack” is when a hacker tries every possible combination of characters until one unlocks your account. But this takes time, especially as an increasing number of websites require combinations of capital and lowercase letters, numbers, and symbols, increasing the number of possible combinations and lengthening the time it takes to crack a password.
Passwords are more often stolen than hacked. Malware on your computer or phone that tracks keystrokes or steals temporary files can deliver your username and password straight into the hands of hackers. Phishing — the practice of using emails, text messages, phone calls, or fake websites to trick users into sharing passwords — is even more common.
Login credentials can also be stolen through data breaches in which hackers penetrate a company’s computer system and steal sensitive information. Stolen usernames, passwords, and other personal data can be used to steal identities or sold on the dark web.
Enhance Your Passwords with Multifactor Authentication (MFA)
One simple step can make your passwords 99% more secure — turning on multifactor authentication.
In cybersecurity speak, a “factor” is a way of confirming your identity. A password is one type of factor, but there are others such as:
- Personal identification numbers, or PINs
- Secure USB keys
- Keys or key fobs
- Fingerprints or facial recognition
Factors can be divided into three categories: something you know, something you have, and something you are. MFA simply requires you to enter two different types of factors to gain access to your account.
Odds are, you’ve used MFA before. If you’ve ever entered your password and been sent a code through email or text to enter into a website, that’s MFA in action.
MFA keeps you safe because it requires hackers to have more types of information about you. Even if they’ve stolen your password, they still need another factor such as your fingerprint or your phone to access your account.
The Takeaway
Protecting your personal information online is important, but thankfully it doesn’t have to be a headache. Now that you know how to create — and keep up with — secure passwords, you can help safeguard your loved ones by passing on this vital information.