New ways to come up with a secure password

New ways to come up with a secure password

Passwords used to be so simple. Back in the day, we could just think up something easy to remember for a handful of digital accounts and be on our way. That was a long time ago and it’s not so easy anymore.

Hackers are up to their usual tricks, people are still falling victim to phishing scams and data breaches, whether unintentional or deliberate, are more common than ever.  Sometimes, millions of passwords are exposed in just one attack, like this recent case when a database of emails and passwords were discovered.

Even though there are now other ways to authenticate your identity, from devices that scan fingerprints, irises or even your whole face, there’s still the imperfect password leading the pack. And now, not only can you have dozens (maybe hundreds?) of logins involving everything from email to online store accounts, those passwords need to be much more sophisticated — and different from one another — in order to stay secure.

They’ve been on the decline for years, but even as those newer, more secure ways to access your accounts have become the norm, a password is still just as important as a first or last line of defense. And making them harder to crack is more important than ever.

Sure, it might seem like a hassle, but it’s well worth your time. And it doesn’t take long, because there are new ways to come up with and organize passwords you won’t forget. Or, let technology do it for you.

Say goodbye to password1234, and hello to $+0RmTr)00Per%tK(42I>

It should go without saying, but online accounts are so much easier to break into with simple passwords. So if you’re still using password1234, stop doing this. Stop yesterday.

Many companies now keep you from creating weak passwords as a standard (one state even made it against the law), oftentimes requiring users to set a minimum of 8 to 12 characters long with mixed use of capital and lowercase letters. And they probably have you throw in numbers and symbols for good measure.

That makes for a decent level of added security, but using your child’s name followed by the year they were born and an exclamation point may still be susceptible to a good guess (or use of free hacking tools) by someone up to no good. So mix your characters up, then substitute symbols and numbers for letters — like ^ for A, $ for S, 3 for E, + for T… you get the idea.

Bonus: Set up your financial accounts like you’re going to be hacked

Building upon that, the latest trend in keeping your password secure is using a passphrase, meaning random words separated or modified with numbers and special characters. Even if you make them 20 or more characters long, you can create one that’s easy for you to remember but so very difficult for someone else to guess. For instance, it might be a well-known fact that you’re a sports fan. No problem with that, and while using G0%CarDInal$#1 seems OK, that’ll still probably be easier to crack than something like bu++erSc0tch>tR1vet#28.

Too many to remember? Use a password manager

It sounds easy to come up with a few dozen unique passwords based on random words and characters, right? Create, yes. Remember them all, no. That’s where password managers come in.

First of all, using a password manager is not the same as using your browser to save and store your passwords. All the major browsers (Chrome, Firefox, IE, Edge, Opera, Safari) offer a similar feature, allowing you to store your passwords for one-click logins across your devices. For the most part, they’re considered safe — or at least safer than they used to be. For instance, check out this recent Google Chrome feature. But they’re not as heavily encrypted and don’t necessarily have the ability to work across different platforms like standalone password managers.

Google Chrome saved passwords

Think of password managers as your one-stop-shop to not only maintain every password you have but to generate them as well. So if you have no interest in creating your own passwords or passphrases, let these do the work for every login you have.

Not only do they generate them, but they also create a complex and random series of letters, numbers, and symbols usually longer than 20 characters. All you have to do is remember one master password to access.

They also conveniently work across multiple devices (not in a single browser as we mentioned) and save other sensitive information besides passwords, such as PIN codes, account numbers, documents, etc.

KeePass login screen

There are a number to choose from, like KeePass, Keeper, 1Password or LastPass, and some come with varying fees. Learn more about KeePass and how to use it by clicking here.

F-Secure demo screen

Use 2FA whenever possible

If any of your accounts offer two-factor authentication, or 2FA, your best bet is always to enable the feature. This is an extra level of security that could keep others from accessing your account, even if they have your credentials. Once enabled, you would still enter your username and password but the system would still require another piece of information, such as a code sent to your phone during a login attempt.

Many companies opt to send those codes via SMS, although that method can be subject to security problems. There’s now more of a transition to sending them by push notification instead, which eliminates a number of potential security threats.

Google two-factor authentication screen

Even if you use 2FA, don’t think of this as an extra step that has to be performed every time you access a particular account. After you prove your identity, you’ll often be given the option to mark the device you’re using as safe, so you won’t need to verify again.

The easiest hack of them all

Finally, don’t be your own worst enemy. You can employ any or all suggestions mentioned here, but you can also easily and accidentally unravel your online security in the real world.

Feel free to jot these tips down on paper, but don’t do the same thing with your passwords. Sometimes all it takes for things to go wrong is leaving the wrong sticky note attached to the monitor at your desk. Don’t even write them down at all if you can avoid it. No sticky note, no problem but also be aware of your surroundings, and any lurkers in the area who might be watching your keystrokes.

Also, it’s best not to share your passwords with others (even you, streaming service password-sharers) unless it’s absolutely necessary. You can even share Wi-Fi with your guests without giving out the password.

Asus share Wi-Fi QR code

And I can’t stress this enough: Don’t ever use the same password for all your accounts. If one gets exposed, that potentially means instant access to your whole digital identity — and all the information that comes along with it.

Tags: devices, Google, Google Chrome, hackers, phishing, scams, security, Wi-Fi