Keep your passwords strong and secure with these 9 rules


Passwords are still essential in our digital lives, so they need to be strong and secure. Follow these rules and you will be fine.

A strong password is essential for your online security and you need a unique password for each of your accounts. But with all these accounts, it’s very tempting to fall into the bad habit of using the same password (and username) everywhere. If your data is compromised, a weak password exposes you to, for example, identity theft. Before passwords are a thing of the past, it’s time to take the right steps.

Use a password manager

Strong passwords are long, hard to guess, and mix in plenty of special characters and numbers. This is where password managers come to the rescue. A good password manager like 1Password or Bitwarden can generate strong passwords for you, and these solutions work on both desktop and mobile devices.

The only downside is that you still have to remember one password, the master password, which gives access to all the others. It must be very strong. Also remember that even password managers can be hacked.

Yes, you can write your credentials down

This recommendation goes against everything you’ve been told about online protection. But password managers are not for everyone. Some security experts, such as the Electronic Frontier Foundation, say that storing your credentials on a piece of paper or notepad is a viable method.

Of course, this way someone could break into your house and steal all your passwords, but that is extremely unlikely. At the office or at home, keep the sheet in a safe or a well-hidden place, and let as few people as possible know where it is.

However, if you need to consult your passwords often and carry the sheet around with you, you increase the risk of losing it.

Get notified if your passwords are compromised

It is not always possible to prevent your passwords from being compromised, but you can find out when it happens. Mozilla Firefox Monitor or Google Password Checkup can tell you whether your email address and/or password has been compromised. Have I Been Pwned offers the same feature.

Avoid overly common words and character combinations in your passwords

The goal is to produce a password that a third party cannot easily guess. Avoid common words and other predictable character sequences. Also, don’t use your first and last name, your pet’s name, your date of birth, your house number, or anything else directly related to you, especially if it is public information.

Long passwords are better: 8 characters, no less

8 characters is the length at which you can start talking about a strong password, but longer is better. The Electronic Frontier Foundation and security expert Brian Krebs, among many others, recommend using a passphrase consisting of three or four random “words”. Such a passphrase is harder to remember, though, so a password manager is essential.

Don’t recycle your passwords

Reusing passwords across sites is a very bad idea. If someone gets hold of the password, they gain access to your other accounts as well. The same is true for trivial variations: PasswordOne and PasswordTwo, for example, are off limits! By using a unique password for each of your accounts, a hacker who obtains one password only gets access to that single account.

Avoid using already compromised passwords

Hackers use dictionaries when trying to log in to accounts, and those dictionaries consist largely of passwords that have already been compromised. To check whether your password has been compromised, go to the Have I Been Pwned website and enter your password.
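As an added illustration (not code from the original article), this is how a client can perform the Have I Been Pwned "Pwned Passwords" check mentioned here and in the breach-notification section above without ever sending the password: only the first five characters of its SHA-1 hash leave the machine, and the comparison against the returned suffixes happens locally. The range endpoint and the Add-Padding header are the public API; the sample response, its counts and the neighbouring suffixes are constructed for the offline run.

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint: the API receives a 5-hex-char hash prefix and
# returns every known suffix in that bucket, so it never learns the full hash.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_sha1(password: str) -> tuple:
    """Return (5-char prefix sent to the API, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, response_text: str) -> int:
    """Parse a range response ("SUFFIX:COUNT" per line) and return how many
    times this password has been seen in breaches, or 0 if it is absent."""
    for line in response_text.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live query (needs network). Add-Padding asks the API to mix in dummy
    zero-count entries so the response size does not reveal the bucket size."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """Full k-anonymity check; `fetch` is injectable so the logic runs offline."""
    prefix, suffix = split_sha1(password)
    return count_in_range(suffix, fetch(prefix))


# Constructed sample for the "5BAA6" bucket: the real suffix of SHA-1("password")
# with an invented count, two invented neighbours, and a zero-count padding line.
SAMPLE_RESPONSE = """1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E2AAA439972480CEC7F16C795BBB429372:0
"""


def offline_demo() -> int:
    """Run the check for "password" against the constructed sample, no network."""
    return breach_count("password", fetch=lambda prefix: SAMPLE_RESPONSE)
```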

No need to change password regularly

For years, changing a password every 60 or 90 days was common practice because people thought that was the time it took to crack a password. But Microsoft recommends today not to do this, unless, of course, you suspect a compromise. Why? Forced to change passwords frequently, many of us have developed the bad habit of choosing easy-to-remember passwords or writing them down on sticky notes taped to our screens.

Use Two-Factor Authentication… But Avoid SMS Codes

If thieves get access to your password, you can still deny access to your account if you have opted for two-factor authentication (2FA). The system will then ask you to enter a second proof, an ephemeral unique code, before granting you access. So, if a hacker gets your password without your trusted device (often your smartphone), they won’t be able to log into your account.

Most often, the one-time code is sent via SMS or read out in a phone call. Unfortunately, modern hackers can hijack your phone line (by getting your number moved to a SIM card they control) and intercept the code.

The safest way is to use an authenticator app such as Authy, Google Authenticator, or Microsoft Authenticator. Once it is set up, you can register your device or browser so you don’t have to go through the second factor every time you log in somewhere.
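An added example, not part of the original article, of what an authenticator app computes: a time-based one-time code (TOTP, RFC 6238) derived from a shared secret and the current 30-second time step, so nothing is transmitted to the phone and there is nothing for a SIM swap to intercept. The verifier side tolerates a little clock drift and compares in constant time. The secret used is the RFC's published test key, not a real enrolment.

```python
import base64
import hashlib
import hmac
import time


def decode_base32_secret(secret: str) -> bytes:
    """Apps enrol via a base32 secret (from the otpauth QR code); restore any
    stripped '=' padding before decoding."""
    cleaned = secret.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """The code shown by the app: HOTP with counter = elapsed time steps."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)


def verify_totp(secret: bytes, code: str, at=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check accepting +/- `window` steps of clock drift; the
    constant-time compare avoids leaking how many digits matched. A real
    server should also refuse to accept the same code twice."""
    now = time.time() if at is None else at
    counter = int(now // step)
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            return True
    return False


# RFC 6238 test key (ASCII "12345678901234567890"), in the base32 form an
# authenticator app would be given; not a real account secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```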
