Here are 5 ways to make your passwords much harder to hack
1. Do Not Use Personal or Known Information
Avoid using numbers from your birthday, phone numbers, social security numbers, family member names, pet names, sports teams, addresses and so on. Hackers already have or can easily find your personal information in public sources, such as county records and social media. When they attempt to crack your password, they will use various combinations of these details to formulate a password that you would likely use.
2. Use a Long Password
Create a password that is at least 12-16 characters. The length of a password is a critical factor in its security. The more characters a password has, the more combinations a hacker must try in order to guess or brute force the password.
For example, a 12-character password is significantly harder to crack than an 8-character password because the number of possible combinations increases exponentially with each additional character.
3. Use Passphrases Instead
Building on the previous point, passphrases are by nature longer. A passphrase of five random unrelated words would likely be more than 12 characters and can be significantly easier to remember.
For example, “Purple-Turtles-$100-Jazz-HANDS” is long, strong, and memorable. You can use tools such as Keeper’s passphrase generator: https://www.keepersecurity.com/features/passphrase-generator/
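To put numbers on points 2 and 3, here is an added example (not part of the original post) that generates a five-word passphrase with a cryptographically secure random source and compares its strength, in bits of entropy, with fully random 8- and 12-character passwords. The 32-word list is a constructed sample, and the 95-character alphabet (printable ASCII) and the 7,776-word list size are assumptions used for the comparison.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline; a real
# generator should draw from a list of several thousand words.
SAMPLE_WORDS = (
    "purple turtle jazz hands anchor biscuit candle dolphin ember falcon "
    "garden harbor igloo jungle kettle lantern marble nectar orbit pepper "
    "quartz ribbon saddle thunder umbrella velvet walnut xylophone yonder "
    "zipper meadow copper"
).split()


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy for `picks` independent, uniform draws from `choices` options."""
    if choices < 2 or picks < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return picks * math.log2(choices)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words=SAMPLE_WORDS, count=5, sep="-") -> str:
    """Join `count` words picked with the OS CSPRNG (secrets, not random)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase())
    # 95 = printable ASCII characters (assumed alphabet for a random password)
    for label, choices, picks in [
        ("8 random characters", 95, 8),
        ("12 random characters", 95, 12),
        ("5 words, 32-word sample list", len(SAMPLE_WORDS), 5),
        ("5 words, 7776-word list", 7776, 5),
    ]:
        print(f"{label:30s} {entropy_bits(choices, picks):5.1f} bits")
    print("words to match 12 random chars:", words_needed(entropy_bits(95, 12), 7776))
```

The figures only hold when every word or character is picked at random; a phrase you choose yourself is far more guessable than the calculation suggests.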
4. Do Not Reuse Your Password
According to TechRadar, 70% of breached accounts were due to password re-use. Hackers use a technique called credential stuffing. Essentially, they can purchase usernames and passwords in bulk from the dark web for pennies on the dollar. From there, they can find almost all the accounts tied to that username or email on various websites and try to access them.
For instance, if you use the same email and password for online shopping, social media, banking, utilities, and other services, a hacker who gets access to one can potentially gain access to all your accounts. Just imagine the havoc that can cause!
5. Use a Password Manager
You must be asking, “Danny, how am I going to remember a unique password for each of my 50+ accounts!?” The answer is simple: use a password manager. All you need to remember is one strong master password. I see you, Purple-Turtles-$100-Jazz-HANDS!
With the master password, you can get into your password manager vault, where you will have access to all your other passwords. “Well, Danny, isn’t that putting too many eggs in one basket?” Although it is a centralized place to store your passwords, if you have a sufficiently strong password and MFA, it is very, very difficult for a hacker to get your passwords.
However, do note that not all password managers are created equal. The password managers that are built into your browser can easily be breached and have all your passwords extracted by hackers. Having a dedicated password manager that prioritizes security, such as Keeper or Bitwarden, is crucial.
If you are not already using a password manager, I highly recommend you do so. Ask your IT department about using one at work.
Bonus:
Although not technically a password feature, consider using multifactor authentication (MFA) wherever you can. Even if a hacker has your password, they still need that second factor to log in.
Rather than using your phone number with SMS, consider using an app such as Microsoft Authenticator or Google Authenticator. Both of these are known as software tokens, and they are much more secure than SMS, which can be intercepted or is prone to SIM jacking. For even more critical accounts, consider using a hardware security key, such as a YubiKey.