If you had 10 security professionals in a room and asked them to create the most secure password, you’d probably walk out with 11 different answers. However, all security professionals will agree that a strong, secure password is your first line of defense against the ever-increasing barrage of information breaches and malicious users.
Use Long Passphrases
The old practice of using numbers and special characters to substitute for letters in your passwords, such as replacing “s” with “$” or “i” with “1”, is no longer as effective as it once was. Newer automated password cracking tools have been designed to crack substitutions like these. The US National Institute of Standards and Technology (NIST) now recommends using long passphrases made up of four or more unrelated words, such as “pancake umbrella fusebox incorrect”.
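The sketch below is an added example, not code from the original article. It shows how a sign-up form could reject common passwords disguised with the substitutions described above, and how a long passphrase can be generated and measured. The blocklist, the wordlist and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample data. A real deployment would load a large breached-password
# blocklist and a large wordlist (thousands of words) instead of these short lists.
BLOCKLIST = {"password", "sunshine", "mississippi", "princess"}
WORDLIST = ["pancake", "umbrella", "fusebox", "incorrect", "lantern", "gravel",
            "violin", "harbor", "cactus", "meadow", "pickle", "thunder",
            "saddle", "orbit", "walnut", "kettle"]

# Reverse the substitutions the article mentions ("$" for "s", "1" for "i")
# plus a few other common ones.
UNSUBSTITUTE = str.maketrans({"$": "s", "1": "i", "!": "i", "0": "o",
                              "@": "a", "3": "e", "5": "s", "7": "t"})

def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(UNSUBSTITUTE)

def is_disguised_common_password(password):
    """True if the password is a blocklisted word once substitutions are undone."""
    return normalize(password) in BLOCKLIST

def is_long_passphrase(password, min_words=4):
    """True if the password is made of at least min_words distinct words."""
    words = password.lower().split()
    return len(words) >= min_words and len(set(words)) == len(words)

def generate_passphrase(n_words=4, wordlist=WORDLIST):
    """Pick each word uniformly at random using the OS-backed CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of a uniformly random passphrase: n_words * log2(wordlist_size)."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    for candidate in ["P@$$w0rd", "m1ss1ss1pp1", "pancake umbrella fusebox incorrect"]:
        print(candidate, "| disguised common password:",
              is_disguised_common_password(candidate),
              "| long passphrase:", is_long_passphrase(candidate))
    print("generated:", generate_passphrase())
    print("bits with this 16-word list:", passphrase_entropy_bits(4, len(WORDLIST)))
    print("bits with a 7776-word list:", round(passphrase_entropy_bits(4, 7776), 1))
```

The 16-word list only keeps the example short; the strength of a passphrase comes from drawing the words at random from a large list, which is what the entropy function makes visible.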
More great tips after this brief comic from xkcd:
Don’t Use the Same Password for Multiple Accounts
Having different passwords for all of your accounts reduces your risk when breaches occur. When hackers gain access to an organization’s list of users and their passwords, they often sell that list on the dark web. Criminals who purchase those lists will often try those same usernames and passwords on other accounts. It’s bad enough when you get that notice from a website that your account may have been compromised. It’s even worse if you have used that same username and password on your bank accounts or other websites.
Use Two-Factor Authentication Wherever You Can
Multifactor authentication is the practice of using a combination of something you know, something you have, and something you are. A password is an example of something you know. By adding a second form of authentication, something you have (such as a cell phone) or something you are (such as a fingerprint), you can prevent a hacker from accessing your account by just cracking your password. Most popular banking and social media accounts now support two-factor authentication by having you enter a code that is texted to you in addition to using your password. Most handheld devices offer fingerprint readers that can be used along with a password to unlock your device.