Security is an important consideration as a password could be the difference between staying safe and having your savings plundered or identity stolen.
- Never use just a single password for everything. – If that one password gets stolen, cracked or phished the attacker will have access to everywhere that you have used that password from social media to online banking to even workplace logins.
- Ensure Your Devices Are Secure – Having up to date antimalware protection and keeping your operating system and other important programs updated will help protect your devices from keyloggers and other malware that can steal saved passwords and other data such as pictures from your devices.
- Longer Passwords are better – Each extra character for a theif to have to brute force ads exponentially more time to the cracking process. I suggest a minimum of 12 characters these days but longer is better.
- Use Passphrases – Passphrases are several words strung together with a mixture of upper and lower chase characters, numbers and special characters added, it’s easier to remember passphrases. An example of a passphrase is: laUghing&l0bster<wheel
- Use a Password Manager – A password manager such as Lastpass can store your passwords safely on your computer in a way where they are encrypted using a master password. A password manager allows you to use a separate strong password for each site that you can unlock with a strong password or passphrase that you can remember. You should treat it like a digital post-it note though and keep the master password secure.
- Keep it out of plain site. You should keep your password out of view. If you must write it down don’t stick it on a post-it note on your monitor. Keep it somewhere safe like in a wallet, lock box or safe where only you have access to it.
- Use multifactor authentication – These days many services offer the ability to verify your identity using a second factor such as SMS message, email, hardware token or mobile app to provide a code which you must enter to be able to log in. Once a device is known you may not have to use a second code to login again from that device but if someone does get your password they will not be able to log in without the multifactor code sent to you which can also let you know that someone is trying to hack your account.
There are online passphrase and password generators that can help generate secure passwords such as http://www.dinopass.com/ and https://xkpasswd.net/s/ if you want to use random characters in passwords another site you can use is https://www.grc.com/passwords.htm