I’m sure you’ve heard it before, “Be sure you pick a strong password.” But what does that really mean? How do I make sure I have a strong password? And what can I do to best protect my online interaction with my finances?
I’ll start by just listing the things you need to do for a strong password in bold. Then I’m going to try and explain why you need to do some of these things. However, you don’t really need to know the why to protect yourself. Just do what you’re supposed to do and you’ll be ok. For those of you that just need to know why in order to comply, read on.
Best password advice rules to follow
- Has at least 12 characters. The longer the password is the better. Why? Because that makes it harder to hack. Some might even tell you that you need at least 15 characters these days because of the increased speeds in the supercomputers that hackers are using to crack your password. My advice? Try to get yourself somewhere between 16 and 20 characters.
- Password includes upper-case letters, lower-case letters, numbers, and special characters. You need to use everything that is available to you, and that means mixing it up with your character choices. If the password allows for all four of these types of characters then use them all. If it allows for only three (for example the password doesn’t allow special characters) then use all three.
- Don’t use dictionary words or names. You need to try and steer clear of real words or phrases. Don’t make your password easy to hack. Anything that is in the dictionary should not be used. Don’t use word phrases either. Something like “DogDaysOfSummer” is a bad password to use.
- Don’t use substitutions that are obvious. What does that mean? Let’s look at the “DogDaysOfSummer” password example. You could turn that into D0gD@ys0fSummer. In this password I replaced the letter O with the number 0, and I replaced the letter A with the special character @. You need to try and avoid using these types of obvious substitutions.
- Don’t use the same password at more than one place. I know it can be really annoying to have a bunch of different passwords, but you need to try and keep each and every place you make a password different. The reason for this is security. When hackers crack your forum password it might not be a big deal, but when they take that password and apply it to your bank account where you use the same password it won’t be any fun.
- Change your password once a year (to something you’ve never used before). As if it wasn’t annoying enough to have a different password for every place, I’m now telling you to change your password once a year. Wow that is annoying. I’ll be the first one to say that I’m not perfect when it comes to this rule, but if you can stomach it then go ahead and do it. Changing your password every now and then can help keep hackers at bay. Why? Because sometimes hackers will crack your password but they won’t use it immediately. Instead, they might sell it to someone else to use, or possibly they are waiting for the right moment to strike. Change your password to something completely new and stop them in their tracks.
- Use two-factor authentication when it’s available. If your bank account lets you add security with two-factor authentication then be sure to use it. It would be pretty hard to crack a password that also requires you to put in a code that gets texted to your cell phone. Go ahead and make it hard on those hackers.
Give me an example of a good password
Let’s look at the password example I gave you earlier and see how we can make it better. I want to turn the password “DogDaysOfSummer” into something that is more secure. One idea would be to start off by dropping the vowels. So you now have “DgDysfSmmr.” This alone is not a good password, but let’s add some numbers that are easy for us to remember and sprinkle them within the password.
Now we have “Dg112Dysf55Smmr22.” Now I’ve sprinkled in some numbers that are easy for me to remember or maybe they have some meaning to me, like a favorite number or an old address. This is starting to look more secure, but I still need some special characters.
I add some special characters and I have “Dg$112Dysf55@Smmr22.” This is starting to look really good, but I don’t like how the first letter in every word string is capitalized. So I change it to this “DG$112Dysf55@sMMR22.” Perfect. Now we have a seemingly random password that is 19 characters in length and uses upper-case letters, lower-case letters, numbers, and special characters.
This password-making strategy helps me remember a difficult, long password; however, if you have a strategy that’s easier for you then go for it. It doesn’t matter how you make your password as long as it follows the rules I laid out above. The important thing is that it’s difficult for hackers to crack and easy for you to remember.
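The rules above can be checked mechanically, including the one about obvious substitutions. The Python below is an added example, not part of the original post: it undoes the common look-alike swaps before searching for dictionary words, which is why “D0gD@ys0fSummer” fails while the final password passes. The names `WORDS`, `LEET`, `find_words` and `check_password` are hypothetical, and the word list is a small constructed sample.

```python
import string

# Constructed sample word list; a real check would load a full dictionary
# and a list of known breached passwords.
WORDS = {"dog", "days", "summer", "password", "dragon", "monkey", "winter"}

# Obvious look-alike substitutions; "1" is tried as both "l" and "i".
LEET = {"0": "o", "@": "a", "$": "s", "3": "e", "5": "s", "7": "t", "!": "i"}
TABLES = [str.maketrans({**LEET, "1": one}) for one in ("l", "i")]

MIN_LENGTH = 12  # the minimum length given in the rules above


def find_words(password):
    """Return word-list entries found in the password, as typed or de-substituted."""
    lowered = password.lower()
    found = set()
    for candidate in [lowered] + [lowered.translate(t) for t in TABLES]:
        found.update(w for w in WORDS if w in candidate)
    return sorted(found)


def check_password(password):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": string.ascii_uppercase,
        "lower-case letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    words = find_words(password)
    if words:
        problems.append("contains dictionary words: " + ", ".join(words))
    return problems


if __name__ == "__main__":
    # The three passwords discussed in the article.
    for pw in ("DogDaysOfSummer", "D0gD@ys0fSummer", "DG$112Dysf55@sMMR22"):
        print(pw, "->", check_password(pw) or "passes")
```
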
You might be thinking this is a great strategy and you’re going to make sure you have a great, difficult password, but there is no way that you can remember a unique password for every single place you have to log in. Well, don’t panic. Just google for the best password manager currently available and you can just remember the one password.
If you do use a password manager, though, you need to be more diligent about changing the password that gives you access to the password manager. Since this is basically one password for all your passwords, it serves as a kind of master key. It would be wise to change this password at least once or twice a year. A small burden for the luxury of only having to remember one password.