It seems as though passwords are something causing aggravation in the online world. Moreover, sites seem constantly hacked. Our data ultimately leaked regardless of how strong our passwords are on these systems. Often, the data leaks within another vulnerability that's out of our control. As a result, our username and passwords sold on the dark web.
If you've used the same login and password combination over and over again, your account information is at risk for being sold to the highest bidder. There's only so much we can do to protect our accounts online and using strong passwords is one of those things.
- Use reputable minimum requirements
- Name and birthday combinations are always off limits
- Don't use pet names, anniversary dates, or things common to you
- Never use the same password twice
- Please don't ever use password as your password
- Never use guest as your password because Archer will hack your system : )
Minimum Requirements For Strong Passwords
- 12-14 characters
- Numbers, symbols, uppercase, lowercase
- No dictionary words
Years ago, [email protected]$$w0rd001! was a great password. It had 12 characters, was a combination of numbers, symbols, uppercase, and lowercase characters. It was also easy to remember and when it was time to update the password to something new, you could simply update it to [email protected]$$w0rd002!.
Fast forward to the present and this password is no longer a strong password example since it's a dictionary word despite using all of the special characters. Password hacking tools often guess passwords like the one above using a variety of code and combinations.
Never use names and birthdays. Don't use pet names, anniversary dates, or things common to you.
This information often posted publicly and easily seen by hackers on your social media pages. Things like "I want to wish my son John a very happy birthday today. I can't believe he's 10 years old already." A hacker then might try your password as John4202010 as your password. Are the hackers right? Or close?
Maybe they browse your social media page a little more and see that you are on your 15th anniversary trip. They try a password like JohnMary(anniversary_date) and something similar. Maybe you're a huge fan of a particular sports team and that team won a national championship. A password like teamname(championship_date) is not secure either since this is something common to you.
Never Use the Same Password Twice (Even if They are Strong Passwords)
Keeping track of the many passwords you need is now officially a pain. Reusing passwords is generally not recommended for password security, but I'll be the first to admit that I use the same password across several systems. However, these systems are not crucial. They're not email accounts, social media accounts, banking or other financial accounts.
These accounts might be to a place where I had to login to order something and when I paid, I used PayPal (login and password not seen nor stored by the actual shopping site).
In order to keep it simple, you could try using a sentence as your password. Just don't use the sentence that's on your social media profile. Here is an example: A quote from one of my favorite movies, Princess Bride: "Never go against a Sicilian when death is on the line!" could be converted into NgAaSwDiOtL!87. I've added the year the movie was released on the end. This meets all of the above criteria and is pretty easy to remember.
However, announcing Princess Bride as your favorite movie on social media would not likely lead to your password being hacked. A password like Princ3ssBr1d3 could be a little easier for a hacker because it's a combination of dictionary words with numbers replacing a few vowels. Using numbers to replace letters is actually quite common in text messages and posts on social media.
Just look at usernames. Those usernames are readable and unique. Others have suggested using a combination of words that don't mean anything together. An example would be: ComputerPancakeCarpet. This password might be easy to remember. However, it's unlikely to be guessed by software since these words don't go together, even if they're common words. For added security, it should still have some numbers or symbols incorporated into it.
An Exception to the Rule
What about all of the sites I log into? Should I use a unique password for each? The short answer is yes. You should use a unique password for each site that requires a login.
However, for me personally, the long answer is no. I have one or two passwords I'll use for sites that require a login and password to post questions, such as a support forum. Those passwords are nothing like the passwords that I'll use for more important things like banking and financial sites.
I'll use an individual password for each. With Face-ID and apps on my phone, I don't have to remember the passwords. My phone is locked with a 6 digit PIN if Face-ID doesn't work, and Face-ID is enabled on all apps that require a login on my phone. I'll never use a PIN that is my birthday or any special anniversary date. As a matter of fact, it has zero special meaning to me whatsoever.
Using Password Managers
In conclusion, how in the world are you supposed to keep up with all of these unique passwords? There are several great password managers out there including Roboform, LastPass, and Dashlane. They generate random passwords and save them for you. But these are only a few, as many others exist. You'll need to research each to see which best fits your needs.