How to Use and Create Passwords Properly

How to Create and Use Passwords Properly, Eric Montgomery

If a password is easy for you to remember, it’ll be easy for someone else to guess it.

Passwords play a large part in our lives

In my typical workday, it always seems that anyone I talk with has a love-hate relationship with passwords.

I often hear people say they don’t want the hassle of extra security when they want to check their email, social media, bank, medical portal, insurance, or whatever the account type.

Unfortunately, a considerable amount of our private information is sitting behind a password. And because we use passwords so often, I believe most people overlook the importance of creating and using passwords properly.

Don’t Reuse Your Passwords

The biggest problem is the reuse of passwords — people often use the same (or very similar) password on many, or all, of their accounts.

Suppose cybercriminals steal your account information from one site. They'll then try those same credentials on hundreds of other well-known websites, such as banking, social media, or online shopping sites, hoping you’ve reused the password elsewhere, which most of the time will be true.

Use a Password Manager

When I create a password, it tends to be at least 20 characters in length and contain UPPER and lowercase letters, numbers, and special symbols (always check the password rules for each website).

Usually, when I share that information with a client, the next question is, “how do you remember a password like that?” Simple, I use a password manager.

Password managers store your login information for the websites you use and help you log into the websites automatically (or with a single click). They will usually also have a password generator to help you create better and stronger passwords.

In addition, your information is stored in an encrypted database that unlocks with your master password, the only password you must remember. That master password must also be strong and not used anywhere else.

Web browsers — Firefox, Chrome, Safari, Microsoft Edge, Internet Explorer, and others — have integrated password managers. But they often lack the ability to perform cross-platform syncing or help generate strong passwords.

The most popular password managers:

Create a Strong Password

When creating a password for a website, be sure to observe their specific password rules. Unfortunately, not all websites follow the same rules.

Use a minimum of 14 characters
The longer the password, the more secure it becomes.

Add Variety
Every password should include numbers, symbols, and both capital and lowercase letters. The more you mix up letters, numbers, and symbols, the more potent your password becomes.

Don’t use Dictionary Words
Any word on its own is not secure, and any combination of a few words, especially if they grammatically go together, isn’t secure either. So, for example, “beach” or “living at the beach” is not secure.

Don’t use Personal Information
A password should not contain any publicly accessible personal information, such as your birth date, pet’s name, car model, phone number, street name, address, or neighborhood.
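
The four rules above, written as a check plus a generator of the kind a password manager provides. This is an added example, not code from the original article; the function names, the symbol set, and the small word list are assumptions constructed for illustration.

```python
import secrets
import string

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"beach", "living", "password", "summer", "dragon"}
# Assumed symbol set; adjust it to the password rules of each website.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "number": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}

def check_password(password, personal_info=(), words=SAMPLE_WORDS, min_length=14):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    for name, belongs in CLASSES.items():
        if not any(belongs(c) for c in password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    # Substring match: a word hidden inside a longer password still counts.
    if any(w in lowered for w in words):
        problems.append("contains dictionary word")
    if any(p and p.lower() in lowered for p in personal_info):
        problems.append("contains personal information")
    return problems

def generate_password(length=20, personal_info=()):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < 14:
        raise ValueError("length must be at least 14")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_info):
            return candidate

if __name__ == "__main__":
    print(check_password("living at the beach"))
    print(check_password("Rex2015!Maple-Street", personal_info=["Rex", "Maple"]))
    print(generate_password())
```

The phrase “living at the beach” is long enough to pass the length rule yet still fails on variety and dictionary words, which is why the rules have to be applied together.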

How to Secure Passwords

Don’t Reuse It!
Using a different password for each account makes it harder for a cybercriminal to compromise all of your other accounts.

Use Two-Factor Authentication
Two-factor authentication adds another layer of defense for your information. This technology enables you to provide multiple pieces of information as authentication. Learn more in my recent article, “How does Two-Factor Authentication (2FA) work?”

Secure your Security Questions
Beware of the “security questions” that websites use to confirm your identity. Typically, you may have a question like, “Name of your high school,” and your answer would be “Jefferson Senior High.” That information could be publicly discoverable, so any cybercriminal can easily find it and use it against you. Instead, give non-related answers, such as “Pepperoni Pizza.”

Always access Websites with Trusted Links
Scammers can easily duplicate the look of a company’s communications to fool you into clicking a phony link or opening an attachment. So use extreme caution with links that appear in emails, social media, or text/SMS messages. Instead, open a saved bookmark in your web browser and attend to the account directly. Or use a dedicated app on a mobile device (a much more secure way to access information).

Treat all Unexpected Requests for Sensitive Information with Caution
Be wary of anyone requesting sensitive information from you, even if it appears to be someone you know or a company you trust. For example, a crook may have hijacked a friend’s account and sent an email to everyone in the friend’s address book.