A complex password is a better password, right? That might not be the case if the company storing your passwords on its server isn't using the right security methods.
No matter how long or complex your password is, hackers can still get it if it's not stored using encryption. The latest Russian hacking attack that stole 1.2 billion passwords showed us that some companies aren't taking the right steps to make sure your password is protected on their end.
Some of these may be incredibly complex passwords—with lots of jumbled numbers and symbols. And some may be incredibly simple—using just the simplest of English words, like, say, “password.” But after the hack, most all of them have left their users vulnerable to attack. According to Alex Holden, Hold Security’s founder, the “vast majority” of the passwords he uncovered had been stored in plain text on company servers.
Also, even if your password is encrypted on the servers, it still might be be easy for hacking programs to guess it - even if your following the complex rules many websites require. Just using a mixture of numbers, letters and special characters isn't enough. Hackers use programs that can guess "p@$$word1" just as easy as they can guess "password1."
The key creating a strong password is randomness. It shouldn't be an easily guessable word, even if there are other pieces mixed in. That's why I always give you the latest tips to make sure your password is truly secure. Check out my tips and tricks for strong, unique passwords here.