It used to be easy to create hard-to-crack passwords: You just used at least eight characters you could remember, combining upper- and lowercase letters, numbers and symbols such as @, & and >.
But in recent years, hundreds of millions of user passwords have been stolen in cyberattacks on banks and other institutions, giving hackers broader insight into how and why folks choose the passwords they do.
- Don’t reuse the same password across multiple sites; recycling is especially dangerous for email, banking and social media accounts.
- Don’t use the following in passwords or answers to website security questions: loved ones’ names (pets included), hometowns, wedding dates or anything else that can be gleaned with some online research.
- Don’t save passwords or use “remember me” options on a public computer. The next user can access your account.
- Don’t reemploy previous passwords, even if you haven’t used them in years.
- Never use the most common and easily hacked choices such as “123456,” “qwerty” or “password.”
- Don’t leave your smartphone unprotected by a password, as 2 in 3 users do. Pick a code that isn’t something obvious, such as your birth date or birth year. Also avoid common passwords such as 1234, 0000, 2580 (a top-to-bottom sequence) and 5683 (which spells “love”).
- Here are four strategies for keeping your data secure.
1. Longer is stronger
Many security experts now recommend a minimum of 15 characters, combining letters, numbers and symbols. More characters are necessary because these days a five-character password using these combinations can be cracked in a mere five seconds.
2. Phrase maze
Want to use something really unbreakable, like the pros do? A password such as 63YrS@n%styll&LUVN^Lfe! is long and strong. But memorable? It can be, if you base it on a phrase that you privately choose, such as “63 years and still loving life!”
The key is to stick to a formula — note the different patterns of upper- and lowercase letters in successive words — and to include purposeful misspellings and random characters that break up words.
3. Safe storage
A password cheat sheet is fine, as long as it’s not stored on your computer or smartphone; if your device is infected with malware, you’re doomed. A pen-and-paper reminder, kept in a safe place, is better. Ideally it will consist of hints rather than actual passwords.
4. Password manager
This software stores all your user names and passwords in one encrypted database. You provide one master password to open the manager; some versions automatically log you in to websites. Products include LastPass, SplashID Safe and 1Password for PCs, Macs and mobile devices.