July 27, 2021 —
Creating passwords for websites, bank accounts, phones or computers can be a challenge. Many sites want your password to be complex or longer than what you might feel is easy to remember. We understand this is a frustration and wanted to share some thoughts on why good strong passwords are so important.
In 2019, there were many stories about a leak of 772 million usernames and passwords that were stored on the internet for anyone to see and or use. That’s more than twice the population of the USA and the number of stolen and leaked usernames and passwords has grown since then. A bad person can try to use any combination of those usernames and passwords to break into online accounts.
Here are some general tips for making a strong password:
- Use a passphrase or combination of words. The key here
is choosing a passphrase that is easy-to-remember and yet complex. You could
use the first letters of a phrase you remember well (e.g., “tBontBtitq” for “to
Be or not to Be that is the question”) but preferable not so common that
someone that knows you well could guess.
- Make it 11 characters or longer. Most password cracking
tools break down at 10 characters so the longer the better.
- Try not to increment numbers. Password cracking tools
will automatically try incremented numbers on password to see if you just added
to an old password.
- Don’t use any
dictionary words. As mentioned above, password cracking tools can try every
word in a dictionary without any effort. A passphrase helps avoid using
dictionary words. For example, “MyDogCost$100” could be easy to remember, is
longer than 11, contains upper and lower case, and both special characters and
- Avoid reusing
passwords. It might seem really convenient to use a common passphrase, but it
could be a potential threat to other accounts. Even a good password is useless
if it compromised and used on other accounts.
- Protect your
passwords. If you have a hard time remembering multiple passwords, consider
using a password manager application. There are several out there and many of
them are free or low cost.
- If you have the choice always opt into using two-factor
Authentication (2FA). Using this additional step just adds another layer of
security. But be aware if you mark your device as trusted it bypasses 2FA only
requiring your password on your trusted device and they could be open to
All of those stolen and leaked passwords we talked about earlier are available online. You can look up any password on the website “Have I Been Pwned”, no that is not a typo it’s actually spelled Pwned. On haveibeenpwned.com you can enter any email address or password to see if it is on the list of cracked ones. If you find any of your emails or passwords, it would be a good idea to reset them using the tips from above.
Lastly proper cyber security is important. Hackers use advanced
tools to steal data and credentials. One of the most common methods is by
phishing emails with malicious links. Be careful before clicking links in
emails even if you know the name of the person it came from. Keep your devices
updated and install antivirus software on all of them. Clicking on a phishing
email or not updating your devices could sabotage your efforts in creating a
good strong password.
We hope this helps you create a secure password and protect