
Tips For Creating and Remembering Strong Passwords

Just about every digital thing you do requires a username and password. From your bank to Netflix to Reddit, using any service requires an account. But here’s the scary fact: since 2017, over 550 million stolen passwords have been published on the dark web. Just last month, 500,000 passwords for Zoom users were found for sale online.

The prevalence of password cracking and breaches means you should diversify your passwords. After all, if one service gets hacked and you reuse a single password everywhere, all your accounts are compromised. If that stolen password is tied to your email or financial accounts, the damage could be life-crushing.

So what’s the best way to manage complex passwords without having to memorize the equivalent of Pi’s first 200 digits?

Two-Factor Authentication

Two-factor authentication acts as a second layer of protection if your password is compromised. It works most commonly by asking for another piece of information that only you could access, like a texted code that expires after a short time. So unless the hacker also has access to your phone, their knowledge of your password is useless. With two-factor, you’re also alerted to failed login attempts, which prompts you to change the password.


Password Managers/Generators

Password managers are apps that store all of your login credentials in a virtual online safe, which makes it easier to keep dozens of unique passwords secure without memorizing them. It seems counterintuitive, and perhaps unwise, to keep all of your password eggs in one basket, but cyber security experts agree that the benefit of having very strong, complex and unique passwords outweighs the risk.

Create Your Own Strong & Memorable Passwords

These days, 12 characters is the de facto minimum length for a strong password, but as with many things, more is better. A simple method for creating a memorable and strong password is to take a sentence that you can easily remember and use the first letter of each word. As an example, ‘At central high school, Mrs. Simpson was my grade 11 and 12 english teacher and my homeroom was room #313’ would become ‘AchsMSwmg11&12etamhwr#313’. That’s 25 characters! This method works well if you only need a few passwords, though it can be difficult to work special characters into them.
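As an added illustration (not code from the article), here is the first-letter method applied to the article's own example sentence, followed by a rough strength report. The tokenisation rules are my assumption, chosen to reproduce the article's result, and the bit estimate assumes a blind brute-force attacker:

```python
import math

# Constructed sample: the sentence used in the article above.
SENTENCE = ("At central high school, Mrs. Simpson was my grade 11 and 12 "
            "english teacher and my homeroom was room #313")

def first_letters(sentence: str) -> str:
    """Password from the first letter of each word. Rules are an assumption
    chosen to reproduce the article's result: a plain word gives its first
    letter (case kept); a token holding a digit or symbol (11, #313) is kept
    whole; 'and' joining two such tokens ('11 and 12') becomes '&'."""
    tokens = [t for t in (w.strip(",.;:!?") for w in sentence.split()) if t]

    def mixed(t: str) -> bool:  # token contains a digit or symbol
        return not t.isalpha()

    out = []
    for i, tok in enumerate(tokens):
        if mixed(tok):
            out.append(tok)
        elif (tok.lower() == "and" and 0 < i < len(tokens) - 1
              and mixed(tokens[i - 1]) and mixed(tokens[i + 1])):
            out.append("&")
        else:
            out.append(tok[0])
    return "".join(out)

def strength(password: str) -> dict:
    """Rough strength report: length, character classes, search-space bits.
    The bit count assumes a blind brute-force attacker who knows only the
    alphabet; it overstates strength when the sentence itself is guessable
    (a teacher's name, a school, a well-known quote)."""
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
    alphabet = sum(sizes[k] for k, present in classes.items() if present)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return {
        "length": len(password),
        "classes": [k for k, v in classes.items() if v],
        "bits": round(bits, 1),
        # the article's bar: at least 12 characters, several classes
        "meets_minimum": len(password) >= 12 and sum(classes.values()) >= 3,
    }
print(first_letters(SENTENCE), strength(first_letters(SENTENCE)))
```

The report's bit count is an upper bound: a sentence built from facts others can look up (school, teacher, room number) shrinks the real search space well below it.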

You Don’t Need To Change Your Passwords Every 60 or 90 Days Anymore

This is an old IT administrator’s rule of thumb that was enforced for years because it was believed that it took 60 to 90 days to crack a password via brute force. As passwords have become more complicated, this is no longer the case. Microsoft recommends not changing your password unless you believe it may have been exposed. Their main reasoning is that when users are forced to regularly change their passwords, they end up choosing very simple passwords instead of strong ones.

Write Them Down

This one should be obvious, or should it? It really depends on your environment. I wouldn’t use this method in an office or workplace, since a written note could easily be found and read. Your home office may be a different story, though, as the note can be hidden on a bookshelf, in another room, or, in the best case, in a safe.