Bor-ing. That’s what a blog post about password strength is, just plain boring. But please pay attention because you might be making some serious mistakes in your passwords and I’ll be getting your spammy email or fixing your hacked website soon.
The most common excuse I hear around password strength is “Who would want to hack MY account?” Insignificant you, huh? Well, spammers and hackers are pretty indiscriminate in their approach to finding new websites, email accounts, and bank accounts to hack. This is because there are not people sitting around looking for interesting accounts to hack, but computer programs that those people have written, crawling the web, looking for a way into any account possible.
So yes, you are a target because you are on the internet.
In the past week I have seen three friends with their emails hacked, multiple clients with very weak passwords on important accounts, and received my new checks in the mail after a single web account was hacked and it compromised my bank account. I have also had many web clients hacked due to outdated WordPress software or weak passwords.
If you haven’t personally been hacked, you know someone who has, and passwords are a vital entry point for these hackers.
So, without further ado…
Tips For Strong Passwords
Avoid repeating your username, name, or account name. You are giving any hacking bot a freebie if you repeat information that was already exposed such as your first or last name, or even your email address.
Avoid publicly available information. Your birth date, anniversary, kid’s birth date, first pet name, favorite color, favorite band, girlfriend’s middle name—all are publicly available pieces of information no matter how precious they may be to you. In the age of social media, that information is attainable.
Avoid generic words. I’m guilty of this, but at least I usually combine these words with additional complexity. Using words like ‘password’, ‘account’, ‘admin’, etc. will all put you at risk of being hacked. Yes, even spelling it ‘PA55W0RD’ is a bad idea…because it’s a bad idea that has already occurred to other folks.
Utilize special characters, numbers, and caps. If your password reads like normal English, you’re in trouble. Change it up to create complexity for those hacking bots.
Make it longer. Size matters in passwords. Why? Because each additional character increases the potential character combinations exponentially. I’m not going to explain the math…just make your password longer. Use a phrase if it’s more memorable!
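The tips above can be turned into an automated check. The following is an added example, not code from the original post; the word list, the look-alike substitution table, the 12-character minimum and the three-character-class threshold are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample list based on the post's examples; not exhaustive.
GENERIC_WORDS = ("password", "account", "admin")
# Look-alike swaps undone before matching, so 'PA55W0RD' reads as 'password'.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "!": "i"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def normalize(text):
    """Lowercase and undo common character substitutions."""
    return text.lower().translate(LEET)

def used_classes(password):
    """Character classes (lower, upper, digit, symbol) present in the password."""
    return [cls for cls in CLASSES if any(c in cls for c in password)]

def search_space_bits(password):
    """Upper bound on brute-force work: length * log2(alphabet size).
    Only meaningful if the characters were picked at random, which is
    why the dictionary checks below are applied as well."""
    alphabet = sum(len(cls) for cls in used_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def check_password(password, known_facts, min_length=12):
    """Return the list of tips the password violates (empty list = passes)."""
    plain = normalize(password)
    problems = []
    for fact in known_facts:  # username, names, dates and similar
        if len(fact) >= 3 and normalize(fact) in plain:
            problems.append(f"repeats known information: {fact}")
    for word in GENERIC_WORDS:
        if word in plain:
            problems.append(f"contains generic word: {word}")
    if len(used_classes(password)) < 3:
        problems.append("mixes fewer than 3 character classes")
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append(f"shorter than {min_length} characters")
    return problems

if __name__ == "__main__":
    facts = ["jane", "1985"]  # constructed sample of exposed information
    for pw in ("PA55W0RD", "Jane1985!", "Violet-kettle-93-harbor!"):
        print(pw, round(search_space_bits(pw), 1), check_password(pw, facts))
```

Each extra lowercase letter adds about 4.7 bits, meaning 26 times more combinations to try, which is the exponential growth the last tip refers to.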
Tools for Password Management
I promise I make no money from these recommendations, but I constantly have to recommend password management tools to my clients and friends. These tools are what make maintaining a diverse list of strong passwords possible.
But let’s start with a quick list of unacceptable tools. I know because I’ve used them all in the past.
- Small printed list in your wallet.
- Your phone contacts.
- A spreadsheet on your computer.
- A saved email.
All of these will hand the keys to your life to a hacker or thief. Don’t risk it.
Recommended Free Tools for Password Management
This is what I use. I appreciate being able to sync up between multiple browsers and devices. It has a searchable vault and is free to use. Bam, done. Life improved.
This was recommended to me back when they only supported Mac, but now they offer a full solution as well. I’m sure Mac users would appreciate the user interface, so check it out.
That’s it. Make it a New Year’s resolution to improve your security with such a simple fix. Any more tips or tools? Leave a comment!