We have so many services and so many passwords, but what’s considered a good password these days, and do you have it?
One of the critical parts of security is how you protect yourself, and password hygiene is a big part of that.
Regardless of what you use in your life, there’s a good chance that you’re maintaining accounts using passwords, and lots of them. Log into any service and you’ll have to submit your very own password, be it Facebook, Twitter, Instagram, LinkedIn, Google, Apple, your mail service… anything really.
We all have passwords, with the number becoming a bit of a blur when you realise each password should be unique. However, we’re not all following that rule, and there are a bunch of others worth being aware of, too.
So how do you help make password hygiene the best you can? How do you give your personal security the best chance you can?
Unique passwords are important
It sounds obvious, but individuality in your passwords is critical. In this case, “individuality” means “unique”, and it applies to each service individually. It means you should have a different password on a service-by-service basis, so a different password for each of your mail accounts, a different password for each social platform, and a different password for anything else.
Unique and different passwords matter in case of security compromises, because if one is broken, it shouldn’t affect everything else.
Essentially, if a service you use gets broken into and your password compromised, you shouldn’t need to change every password you have to deal with that compromise.
That means unique passwords are welcome, even if they’re only unique by one or two characters.
Simple passwords are silly
Not using a unique password can easily lead to something considered bad password hygiene, and that’s the use of overly simple passwords.
Simple passwords tend to get called bad passwords because they’re just too simple, and usually are included in reports of the year’s worst passwords.
Published by SplashData every year, last year’s worst password list included some of the simpler passwords that are still in use, including “123456”, “1234567”, “12345678”, and “123456789”. We wish we made this up, but the reality is people use these all the time. According to SplashData, other poor passwords included “sunshine”, “princess”, “welcome”, “football”, “qwerty”, and the particularly crazy “password”. Yes, there are some people that use “password” as a password. Not very bright.
Password complexity is a big deal
Based on this, you can imagine just how big a deal password complexity is.
Complex passwords are not only harder to guess, but harder to break, and if a security expert really did want to break into your account, using a complicated password makes it that much more difficult.
Password complexity means using passwords that aren’t necessarily written in plain English, but rather have numbers and punctuation scattered throughout them, to make them a little harder not just to guess, but to break.
It may mean instead of using your birthdate — which is relatively unsafe since it’s pretty easy to find out — you may want to use a phrase you like that you’d never forget, and then mix it up by replacing letters with numbers and punctuation, or ending with a form of punctuation like an exclamation or question mark.
Tips for better password hygiene
These are just a sampling of the tips that make for better password hygiene, but there are plenty of others. You can build better passwords by following some of the ideas and advice below:
Pick a phrase associated with the service and alter the letters so that it’s harder to guess. If the service is a social network, it might be something like “sharingupdateswithfriends”, except when you swap out the two uses of “e” in the phrase, it reads as “Sharingupdat3swithfri3nds”, increasing security. Change a few other letters and it becomes even more complicated.
Consider a strong and standard password and add extra bits to the end for each service. Let’s keep with that same standard password from before, “Sharingupdat3swithfri3nds”, but apply it across other social networks. If you take this tip, you use one common password and then add extra letters to make it different on a service-by-service basis. Spreading it out to Facebook might make it “Sharingupdat3swithFBfri3nds”, while Twitter could be “Sharingupdat3swithfri3ndsT”. Vary where you place those different characters and your strong standard password becomes a little more secure overall.
Make something so strong, you need to save it to the web browser or a password manager. If your computer or phone is entirely yours, saving passwords to your web browser is entirely doable, and means you can do something else: employ a random password generator. A little more complicated again, random password generators create a random sequence of numbers, letters, and punctuation for something that has no connection to you, but is also that much harder to break.
Use multi-factor authentication alongside a password. A password isn’t the only strong course of action you can choose to protect yourself with. You can also confirm your identity with a secondary form of authentication, opting to use a code sent to your email or phone, or one generated and sent to an app. Consider multi-factor authentication when the service really needs to keep security up, such as for banking, social networking, or something else you need secured, such as accessing government sources.
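To make the random password generator tip concrete, here is an added example (not from the original article) that builds one in Python and also checks a set of saved passwords for reuse and for entries on the worst-password list quoted above. The names `generate_password`, `entropy_bits` and `audit`, and the sample vault, are made up for illustration.

```python
import math
import secrets
import string

# Worst passwords quoted in this article (SplashData list).
WORST = {"123456", "1234567", "12345678", "123456789", "sunshine",
         "princess", "welcome", "football", "qwerty", "password"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

def generate_password(length=20):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the operating system's CSPRNG; the random module does not.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry whole candidates so no position is forced to a fixed class.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))

def audit(vault):
    """Flag worst-list passwords and reuse in a {service: password} mapping."""
    findings, seen = {}, {}
    for service, password in vault.items():
        issues = []
        if password.lower() in WORST:
            issues.append("on worst-password list")
        if password in seen:
            issues.append(f"reused from {seen[password]}")
        else:
            seen[password] = service
        if issues:
            findings[service] = issues
    return findings

if __name__ == "__main__":
    # Constructed sample vault, not real credentials.
    vault = {"mail": "qwerty", "social": "qwerty", "bank": generate_password()}
    print(audit(vault))
    print(round(entropy_bits(20)), "bits for 20 random characters")
```

A password produced this way is not something you memorise, which is why the tip pairs it with a browser or password manager.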