Hacking and compromised online data are on the rise: a record-breaking 47% of U.S. adults were the victims of hacking in 2014 alone. A recent study reported that nearly 75% of consumers use duplicate passwords, many of which haven’t been updated in more than five years. About 40% of those surveyed have experienced a security incident, be it an account hacked or password stolen, in the past year.
How Do Passwords Get Stolen?
Passwords to online accounts serve as one of the last lines of defense against hackers. There are three main ways your password could be compromised.
- Someone you know wants to uncover your personal information. They may attempt to guess your password to gain access.
- A hacker is attempting to access a group of user accounts. Hackers systematically check possible passphrases until they discover the right one.
- A company with which you have an account experiences a data breach and your information, along with that of millions of others, is compromised.
While some hacking incidents are nearly impossible to prevent, such as a company-wide data breach, you can make your accounts less susceptible by creating a secure password and following password safety best practices.
How Can I Pick a Strong Password?
A hard-to-guess password doesn’t have to be hard to create. Follow these seven tips for password creation.
- Avoid the most commonly used passwords. For 2015, the list of worst passwords included “123456,” “password,” “qwerty,” “football,” “welcome,” and “starwars.”
- Use at least 12 characters. While there isn’t one agreed-upon rule for password length, aim to use between 12 and 16 characters. Long passwords are harder to guess, but you don’t want them so long you can’t remember them.
- Use a mix of multiple types of characters, including numbers, capital and lowercase letters, and symbols.
- Stay away from dictionary words and phrases, as they are easier to guess than gibberish. If you have a phrase in mind, such as “love to learn,” consider a phonetic variation, like “<32lurn” — and add a few more characters for good measure.
- Don’t include personal information in your password. This includes your birth date, name, address, phone number, or social security number.
- Skip any repeating numbers or letters. The more characters that repeat, such as “55” or “WWW,” the more vulnerable the password.
- Steer clear of keyboard patterns. From “qwerty” to “123456,” there’s a reason the worst passwords list included many of these variations — they’re easy to guess.
Once you develop your password, test its strength by using a password checker, such as The Password Meter.
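The seven tips above can also be checked mechanically. The following Python code is an added example, not part of the original article and not how The Password Meter works; the word list, keyboard rows and function names are constructed for illustration, and only the worst-password list comes from the article.

```python
import re

# Worst-password list quoted in the article (2015).
COMMON = {"123456", "password", "qwerty", "football", "welcome", "starwars"}
# Constructed sample data: a real checker would load a full dictionary.
WORDS = {"love", "learn", "password", "football", "welcome", "dragon"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(pw, n=4):
    """True if pw contains n adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the short names of the tips that pw violates, in tip order."""
    low = pw.lower()
    problems = []
    if low in COMMON:                               # tip 1: commonly used
        problems.append("common")
    if len(pw) < 12:                                # tip 2: at least 12 characters
        problems.append("short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):  # tip 3: mix of character types
        problems.append("few-classes")
    if any(w in low for w in WORDS):                # tip 4: dictionary words
        problems.append("dictionary")
    if any(p and p.lower() in low for p in personal):  # tip 5: personal information
        problems.append("personal")
    if re.search(r"(.)\1", pw):                     # tip 6: repeats such as "55"
        problems.append("repeat")
    if has_keyboard_run(pw):                        # tip 7: keyboard patterns
        problems.append("keyboard")
    return problems
```

The article's own phonetic example, “<32lurn”, still fails the length and character-mix checks here, which is why the tip says to add a few more characters.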
Password Security Best Practices
Creating a strong password is the first step in protecting your online identity. The next step is safeguarding your password by following these five cybersecurity best practices.
- Don’t save passwords in your browser. That may sound like common sense, but 59% of millennials regularly save their passwords in their browsers. If your computer is stolen or hacked, someone could gain immediate access to your
- Use a different password for every account. If a company experiences a data breach or one of your accounts is compromised, your other accounts will still be secure. If you have trouble remembering and organizing your passwords, use a secure password manager, such as LastPass.
- Don’t share your password. Other than using a password manager, you shouldn’t tell anyone your password, write it down on paper, or store it in an unsecured document or computer program, such as Microsoft Word.
- Regularly update your passwords. Security experts and computer professionals recommend changing your online passwords every three months, but this may be extreme for some Internet users. While it depends on your Internet usage and preferences, aim to update your passwords at least once a year.
- Enable two-step verification when possible. While not all websites and programs offer it, many popular services, including Facebook, PayPal, Dropbox, and Gmail, offer two-step verification. This means that if you, or a hacker, are attempting to log in to an account on an unverified or guest device, you’ll also be required to enter a code that is sent as a text message to your phone.
Password protection is an essential component of safe Internet usage, helping you keep your personal information safe from prying eyes. If you can’t remember the last time you changed your passwords, set aside some time in your day to update them.