Creating, storing and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches. Also, it has never been easier to maintain your passwords with free, simple-to-use password managers. With a few moments of forethought today, you can stay safe online for years to come.
Below are some things to remember when coming up with a good password. You can also automatically generate a secure password with Keeper or use Bitwarden’s password generator.
Long, Unique, Complex
Long
Each password should be at least twelve characters long. Each character you add to a password makes it exponentially harder to break. The number of possible passwords is equal to the number of characters allowed to the power of how long the password is. There are, generally speaking, 94 characters on your typical American keyboard. This means that if I were to tell you my password is four characters, you would know that there are 94 to the fourth power, or 94 × 94 × 94 × 94 possible things my password could be. That may seem like a lot, but a computer can make that many guesses in a fraction of a second. But, by making that password a single character longer, it becomes 94 times harder to guess. With enough characters, this “difficulty curve” eventually becomes steep enough that a computer cannot guess the password.
Unique
Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end – to really trick up hackers, none of your passwords should look alike. When email addresses and passwords are stolen in a data breach, attackers will attempt to log into any thing and everything with that email address and password. Don’t make it easy for them by using the same password – or variations thereof – everywhere. You can use Have I Been Pwned to check if you have been in a data breach.
Complex
Password length and uniqueness doesn’t help if it’s still easy to guess. For example, Password123! is pretty long, and will meet most complexity requirements, but the usage of the word “password,” plus the common pattern of starting with a capital letter and ending with a few numbers and exclamation point make this password trivial for a computer to guess. In fact, the pattern of a word plus a number (usually a few sequential numbers or the year) and ending with an exclamation point is so common that it’s one of the first things an attacker will try.
A Better Way
You probably have a lot of online accounts. And because all your passwords should be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords remains the best way to keep all of your digital accounts safe. There are many free and easy-to-use tools out today that makes managing your library of unique passwords a snap.
Today, the truth is that you don’t have to think of or remember your passwords. If you use the latest tools, you don’t need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.
University faculty, staff, and students have access to Keeper.