
Password Security

July 27, 2021 — Brad Porter

Creating passwords for websites, bank accounts, phones or computers can be a challenge.  Many sites want your password to be complex or longer than what you might feel is easy to remember.  We understand this is a frustration and wanted to share some thoughts on why good strong passwords are so important.

In 2019, there were many stories about a leak of 772 million usernames and passwords that were stored on the internet for anyone to see or use.  That’s more than twice the population of the USA, and the number of stolen and leaked usernames and passwords has grown since then.  A bad person can try to use any combination of those usernames and passwords to break into online accounts.

Here are some general tips for making a strong password:

  1. Use a passphrase or combination of words. The key here is choosing a passphrase that is easy to remember and yet complex. You could use the first letters of a phrase you remember well (e.g., “tBontBtitq” for “to Be or not to Be that is the question”), but preferably one not so common that someone who knows you well could guess it.
  2. Make it 11 characters or longer. Most password cracking tools break down at 10 characters, so the longer the better.
  3. Try not to increment numbers. Password cracking tools will automatically try incremented numbers on a password to see if you just added to an old password.
  4. Don’t use any dictionary words. As mentioned above, password cracking tools can try every word in a dictionary without any effort. A passphrase helps avoid using dictionary words. For example, “MyDogCost$100” could be easy to remember, is longer than 11, contains upper and lower case, and both special characters and numbers.
  5. Avoid reusing passwords. It might seem really convenient to use a common passphrase, but it could be a potential threat to other accounts. Even a good password is useless if it is compromised and used on other accounts.
  6. Protect your passwords. If you have a hard time remembering multiple passwords, consider using a password manager application. There are several out there and many of them are free or low cost.
  7. If you have the choice, always opt into using two-factor authentication (2FA). Using this additional step just adds another layer of security. But be aware that if you mark your device as trusted, it bypasses 2FA, requiring only your password on that trusted device, and trusted devices could be open to hackers.

All of those stolen and leaked passwords we talked about earlier are available online. You can look up any password on the website “Have I Been Pwned” (no, that is not a typo; it’s actually spelled Pwned).  On haveibeenpwned.com you can enter any email address or password to see if it is on the list of cracked ones.  If you find any of your emails or passwords, it would be a good idea to reset them using the tips from above.
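For readers who would rather script that password lookup, here is an added example (not part of the original article and not Have I Been Pwned's own code) of the site's Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent and the match is made on your own machine. The passwords and the response below are constructed so the example runs offline, and the function names are this example's own.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def hash_parts(password):
    """Split the password's SHA-1 hex digest into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """Build the lookup URL. Only the prefix appears in it, never the
    password itself or its full hash."""
    prefix, _ = hash_parts(password)
    return RANGE_ENDPOINT + prefix


def breach_count(password, range_response):
    """Search a range response (one 'SUFFIX:COUNT' entry per line) for our suffix.
    Returns how many times the password was seen in breaches, or 0 if absent."""
    _, suffix = hash_parts(password)
    for line in range_response.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(leaked_password, count):
    """Constructed sample data standing in for a real response body: two filler
    entries plus the entry for leaked_password, so the example runs offline."""
    _, suffix = hash_parts(leaked_password)
    entries = ["0" * 35 + ":3", suffix + ":" + str(count), "F" * 35 + ":12"]
    return "\r\n".join(entries)


if __name__ == "__main__":
    # Both passwords are constructed for this demonstration.
    leaked = "constructed-leaked-pass"
    body = constructed_response(leaked, 7)
    print("Would request:", range_url(leaked))
    for pw in (leaked, "a different passphrase"):
        seen = breach_count(pw, body)
        verdict = "change it everywhere it is used" if seen else "not in this response"
        print(repr(pw), "->", seen, "sightings:", verdict)
```

Against the live service you would fetch the URL from `range_url()` and pass the response text to `breach_count()`.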

Lastly, proper cyber security is important. Hackers use advanced tools to steal data and credentials. One of the most common methods is phishing emails with malicious links. Be careful before clicking links in emails, even if you know the name of the person it came from. Keep your devices updated and install antivirus software on all of them. Clicking on a phishing email or not updating your devices could sabotage your efforts in creating a good strong password.

We hope this helps you create a secure password and protect yourself online.
