Just a few decades ago, most of the people who had to know and use passwords regularly were either civilian government employees, members of the U.S. military, information technology professionals, or those in certain social organizations, such as sororities, fraternities and Freemasons.
Now that we are more than two decades into the 21st century, almost all of us must use passwords daily, if not for our work, then for our personal computers and cellphones. As technology has evolved away from paper-based documents to digital, online information, much of what we do in our lives depends upon secure communications safeguarded by passwords. But what happens if our passwords aren't safely guarding us? Think of a password as a digital lock. With enough ingenuity and effort, most locks can be carefully picked and unlocked, or broken open by brute force, and it's the same situation with passwords—they can be guessed or hacked through a variety of complex or simple attacks, such as phishing. But there are actions we can take to make our passwords harder to breach; here are a few to consider.
Making your passwords harder to hack
First, make your passwords more complicated; don't use numbers or words that could be easy to guess. Street names and numbers, neighborhoods, city and states, birth or anniversary dates, colleges, nicknames, names of pets, hobbies and sporting team names are just a few of the most common components of passwords to avoid since they are obvious. Try using random letters, symbols, numbers, words from other languages, and mix them together to be more complex. Choosing randomly means avoiding any sort of pattern, such as using numbers or letters in a sequence, such as 1234 or ABCDE. It is also a good idea to always use a mix of upper case and lower case letters.
And make your passwords longer. For many of us, passwords tend to be short so they're easier to remember, but longer passwords are harder to hack. Instead of being brief, be lengthy and use sentences, quotes, phrases, and then mix in numbers and symbols.
Then change your passwords more frequently. A lot of us change our personal passwords on a regular schedule of approximately every…well, almost never. Seriously, unless we're prompted by a website or an email, most people keep using the same passwords for months or years. It's just easier than taking time to change passwords and remember them. Try changing your passwords every three months, and if that schedule isn't practical, extend it to every six months—go on; try it!
Did you know that passwords shouldn't be recycled? You create a much greater risk for your security by reusing passwords; they all need to be unique. With reused passwords, if a hacker gets just one password, then they have access to many of your accounts, rather than just one.
Be cautious about using a social media or email account that allows you to log in to other websites. In their efforts to offer as many services as possible—and make you more dependent on them—social media or email accounts may offer to log you into other websites. This is a problem because if the social media or email service is hacked, then all your websites connected to them become vulnerable and could be compromised. It's better to use your own, unique passwords for each website where you have an account.
Check if you can get password help from your browser. While some of our passwords may have stayed simple, internet browsers have gotten more sophisticated and much better at helping us with passwords. A feature with some of the latest browsers (check that you're using the most up-to-date version) is that they can generate, remember, encrypt, retrieve, and fill in passwords with just a few mouse clicks, so take advantage of the software you have, and turn on these features if they are available.
Can a password manager provide more security?
So, you use strong passwords and change them regularly—congratulations, since many of us are not that disciplined in our password usage! For those of us who may not be quite as rigorous with our password complexity and updating, what else can you do that might improve your online security?
As discussed above, if you have password management tools built into your web browser you should consider using them, but there's another tool to consider, a password manager. What's a password manager? Well, it's not someone you hire to handle your passwords for you, but it can provide good assistance to help protect your online activity. If your web browser doesn't have robust capabilities for generating passwords, a password manager can take on that duty and offer other benefits that your browser may not have.
A password manager is software that also stores, generates, and manages passwords. Usually it is a browser extension—an add-on piece of software that installs and integrates into your browser—but there are password managers that are also separate programs. Some password managers are completely free, and some software companies offer both free and paid versions of their manager that may differ in features. Here are some of the benefits offered by password managers; most of them are what your browser may be able to do on its own, but there is at least one enhanced feature to think about.
Benefits of password managers
You can forget to have a good memory. With a password manager, passwords no longer must be an annoying memory test, since you don't have to memorize a few (or a lot) of passwords; but you must know the password to the password manager. The password manager retains and secures your passwords with encryption.
Your passwords can become longer, stronger, and harder to crack. When you no longer must remember passwords, they can become more complicated, which makes them stronger. You can make them longer, include plenty of numbers and symbols, and capitalize more letters, all of which make your password harder to breach.
Filling in is faster than typing. Password managers will offer to fill in passwords for you, and clicking is faster than typing.
An additional feature that your browser may not have. A password manager may also offer multi-factor authentication. With multi-factor authentication, you are required to use additional authentication to be allowed to access your password manager. Multi-factor authentication means you must also use either a Personal Identification Number (PIN), a passcode (usually a set of numbers that might be texted or emailed to you), or a fingerprint, before you can get access to the password manager.
Is a password manager necessary? It may not be for some of us, but it's worth doing some research to see if one could help protect your online activities.
To learn more about online safety, we have other information that might be useful
We have a few more blog posts that you might find interesting:
Beside the above posts (that you should definitely check out!), the U.S. Federal Trade Commission has some useful information on passwords and password breaches; you should see what it has to offer.