The way we do passwords just doesn’t seem to be cutting it anymore. Between numerous high-profile data breaches, phishing schemes and brute-force password cracking apps for hackers, there’s no shortage of ways to break into someone’s account.
Because of these radical changes to the data security game, companies have been at work around the clock developing new ways to authenticate users. In fact, some believe that biometric passwords will be the norm in the future, which means that your physical body will be used to help identify you. This technology, sadly, won’t be mainstream for online accounts for several years, though.
With biometric authentication still way off, there are a few methods you can use to handily lock down your accounts from cybercriminals and hackers. By rethinking the way you create and store passwords, you can get back to enjoying the internet instead of fearing it. If you’re looking to make your passwords more secure, here are some new ground rules to follow going forward.
Rule #1: All the characters — no exceptions
Show of hands: Who here among us has opted for a simple, easy to remember password? You’d be shocked at how many people have chosen to use a simple passcode like “baseball,” “123456,” or worst of all, “password” when creating an online account at some point or another.
We tend to have multiple accounts online, so going with the least point of resistance can help us create multiple phrases that are easy to remember. Anything beyond that can not only be a struggle to come up with, but it can be even harder to remember.
Unfortunately, these simple passwords are also the easiest to hack. In fact, entire databases exist of the most commonly used passwords on the web, and you can bet that hackers are keen on this subject as well. Those are some of the phrases they try first when they attempt to brute-force an account open.
For a more successful password, create on using a complex combination of letters, numbers and alternating capitalization. In this case, a phrase like “Bingo123” would be much better off as “biNg01789.” As you can see, the casing is alternated among the letters and the numbers no longer follow an exact sequence.
The more “random” or complex your password appears, the harder it will be to guess. And, naturally, using a more diverse palette of characters gives hackers more chances to fail when guessing your code. Don’t make the job easy for them!
Rule #2: Think bigger
You should also consider staying away from using an ordinary word as the basis of your password. This is simply due to the fact that words, usually, are small and contain fewer characters. Additionally, algorithm-based password crackers are getting progressively better at figuring out individual words found in most passwords.
To get around this, go bigger. While a full sentence as a password might seem unfeasible, if you think about it a sentence is a string of consecutive words — perfect for abbreviation into an unrecognizable phrase.
Here’s an example: Let’s say your favorite baseball team is the Cubs. If you’re a Cubs fan, there’s no way you’d forget their stunning World Series Victory in 2016. So, to remember your code, take the phrase “Cubs won the world series in 2016” and abbreviate it to “cwtwsi2016.” Substitute some characters and cases and you’ll have “cwTw$i2016” — a far more complex password that is not only hard to guess, but easy for you to remember.
Try it with a phrase you won’t easily forget, and coming up with a sophisticated password becomes far more simple. You could also create a full-fledged passphrase, where you keep the phrase mostly intact, but replace certain letters and numbers with other characters and alternate between capital and lower case. For instance, cUb$W1nW0rLd$3r13$1NzOI6.
Rule #3: Don’t forget about extra protection
Of course, no account security is complete without fully deployed two-factor authentication (2FA). This handy security method has been around for some time now and revolves around using an additional form of identification in order to access your account. Most commonly, the platform will ask for your cell phone number, and you’ll verify your login attempt with a code the platform texts you.
This is a strong strategy for several reasons. First and foremost, it ties your account access to something only you possess — meaning only you or someone with access to your phone will even have the ability to get in. Second, you’ll be informed of any unauthorized login attempts right off the bat.
Most importantly, 2FA adds an additional step that most career hackers won’t even attempt to bother with. It’s too much hassle, and far beyond the abilities of any automated programs or brute force hacker-apps that might help crack your code.
Rule #4: Being different is key
This is a struggle for many people, and understandably so. On average, people usually have at least one social network they’re a part of, a bank that they frequently access, service accounts for utilities, cloud storage and app store passwords and several more accounts for their online activities.
Trying to remember more than one password is enough to make your brain hurt, which is why people tend to take the easy way out and just stretch the same password across multiple accounts. Sadly, this isn’t an option in today’s digital world. Hackers know how common of a mistake this mode of thinking is, and bank on it to reap their undeserved profits.
Usually, when a hacker guesses or cracks a password correctly, they attempt to use it on multiple platforms just to see if it’s likely to work and unfortunately, it’s all-too-common for their efforts to be successful. By using different passwords and passphrases across multiple platforms, you’re making a hacker’s work much more difficult. You will prevent a domino effect from occurring in the event of a breach, and are ultimately being more responsible with your data over taking the easy way out.
Here’s something else you might not have considered: When setting up an online account at countless sites, many will make you fill out answers to a series of security questions as an added layer of protection. There’s a problem with that method, however, because it’s not difficult for a hacker to get their hands on that information. It could be as simple as checking out your social media profiles to get those answers and access your accounts.
To lessen the risk, the answer is simple: lie. Don’t answer the security questions truthfully during the account creation process, and it’ll make it that much harder for a cybercriminal to crack. Were you born in Arizona? Answer the security question with something like North Carolina. Did you have a dog named Fred growing up? Instead, say you had a cat named Sparkles. Just remember that this security measure can backfire if you don’t remember your fake answers.
Since hackers work hard, it’s our job to work harder in the creation of diverse, strong passwords, passphrases and security questions. It’s too bad remembering them all can be a pain, but that brings us to our next rule.
Rule #5: It’s not that hard to keep things organized
A password manager is one of the biggest essentials for modern internet users. By using one, you’re putting your passwords under encryption, which helps keep them safe.
Keep in mind, though, that this is different than using your browser (like Chrome) to store your passwords. Browsers are still vulnerable to hacking and compromise, but a secure password manager like our sponsor, RoboForm, gives you the upper hand against cybercriminals.
Of course, you’ll still need to remember a password in order to access your manager. Thankfully, though, this may be the last password you’ll need to remember at all. Just make sure it’s stored somewhere highly secure, like on a scrap of physical paper in your desk or in a special notebook.