By Michelle Ricker June 2, 2021
Summary: Creating a strong password doesn’t have to be overwhelming. By using a passphrase, incorporating a variety of characters, choosing a password manager, and opting into two-factor authentication, all of your personal data will be far more secure. We break down just how to do it, and give recommendations for our favorite products.
Seemingly every article about cyber security includes the step of creating a strong password. Still, it’s one of those things that most people know they should do, but just… don’t. In fact, “123456” was used by 2,543,285 people last year and “password” was used by 360,467, according to PCMag.
If you’re not convinced that creating a strong password is worth the time and effort, let us explain how to make it easier on yourself. Starting out is the hardest part, but when you’ve got the hang of it, we bet you won’t miss the simple passwords of yore. It could even save you time and money (and time getting back your money if you get hacked) down the road.
A passphrase is better than just a password for a few reasons. First, it’s longer, making it harder to crack. Passwords with 11 characters or more are 80 times harder to hack than those with 10 or fewer characters — 400 or more years instead of five years, according to Newsweek. So, how should you come up with your passphrase?
Whether it’s a favorite quote or a phrase you associate with a specific site, choosing passphrases that hold some personal meaning will be easier to remember. Maybe you choose something about money for your bank account, a favorite movie quote for your Netflix password, or the title of your favorite childhood book for library access. We like song lyrics or puns to help make them easier to remember and a little more fun when you do.
Avoid using information that is publicly available, such as your middle or last name, birthday, or schools. Remember, if your mom is on Facebook, it’s likely her maiden name is on there, too. If your information is found in a data breach, hackers can use readily-available information as a way to determine (or even reset) your password.
When you have the phrase picked out, incorporate acronyms or shortened codes so you’re using upper- and lowercase letters, numbers, and symbols. Again, the more variation you have in your password, the harder it is to break open. Try to avoid obvious substitutions, too, such as a 0 in place of an o of $ in place of an s. Any single word — or combination of two obvious words — is typically easy for people or software to guess. Incorporating symbols and numbers throughout the password, rather than only at the end, is also a good idea.
Instead of using a passphrase, you may choose to use several random words. The most important thing to remember if you choose to use words is to make them truly random. Avoid words that logically go together (like “bigredhouse”) as those are easier to break. Again, you should also avoid information that’s available on any social media accounts, such as favorite sports teams, schools, or cities where you’ve lived. To further strengthen these types of passwords, add in numbers and symbols, and use a combination of upper- and lowercase letters.
Worried you won’t be able to remember it? Using a mnemonic device can help, or you can opt for a password manager — one of our favorite picks.
If creating and remembering complicated passphrases sounds like a hassle, you can also invest in a password manager. These are often sold as part of other security programs, like EarthLink Protect+ with NortonLifeLock. Yes, you can use your browser’s keychain, but then anyone who has access to your computer can also gain access to all of your passwords too. Yikes! Password managers are a more secure option for a few reasons.
First, they require a strong password to unlock. In contrast, most browser keychains require no password at all to open or only require the device password. Second, they can create strong, random passwords for you. That means you can rest easy while knowing your passwords are giving you the most protection.
Password managers are really the sweet spot between making your life online easier by storing passwords for you while also keeping you safer by protecting your passwords — or even creating better ones.
In addition to using a passphrase and using a password manager, you should also be using unique passwords for each login. It can certainly be tempting to repeat passwords across multiple accounts, but that makes each account exponentially more vulnerable. Unfortunately, changing a single character while reusing the same root password won’t quite cut it either.
Conventional wisdom used to be that passwords should be changed every few months. Many businesses require employees to reset their passwords every 90 days. Now, that’s up for debate. While many security experts offered that advice for years, the latest guidelines from the National Institute of Standards and Technology suggest choosing a strong, unique password from the start and sticking with it, according to Business Insider.
Those guidelines also encourage the use of two-factor authentication. Two-factor authentication combines something you know (your password or pin number) with something you have (like a code sent to your phone or a token) or something you are (usually a type of biometrics, like a fingerprint or facial recognition). This second step makes your account harder to hack because it renders your password useless on its own. If you don’t want to hassle with a second step for every single account, be sure to use it for your most important data, like banking and bill paying.
Creating a strong password for every single account can seem like a lot to tackle at first, but it is an important component of cyber security. Weak passwords are easier to breach which makes your personal data (like credit card accounts and housing information) easier to steal. By choosing phrases that are easy or fun for you to remember — or opting for a password manager — along with using unique codes and two-factor authentication, you’re well on your way to cyber security. If you have questions about cybersecurity or are ready to learn more about password managers, EarthLink is here to help.
Michelle Ricker is a Copywriter for EarthLink. She recently graduated from the University of Cincinnati with an M.A. in Communication and has more than 5 years of writing experience. She thrives on storytelling and well-placed punctuation. She currently lives and works in Atlanta.
See all posts from Michelle Ricker.