Passwords are a pain. To be effective, they need to be long and complex, use a mix of characters, and you need a unique one for every account. Most people have a hard time remembering strong passwords, which is why we are all tempted to take shortcuts or reuse passwords to make them easy to remember. To solve this dilemma, I recommend that everyone – and I mean everyone – use a password manager.
A password manager will let you both create the ridiculously complex passwords that are necessary to keep your accounts safe and remember them all for you. While you may be concerned about putting all of your eggs in one basket, the password managers I recommend below have security features that make them nearly impossible to crack.
And for those few cases when you have to be able to remember a specific password (e.g., so you can always access your email, even without your password manager available), I have tricks for creating passwords that are strong and memorable.
How to create a strong password
Whether you're using a password manager or creating your own strong passwords, there are a couple of rules you should follow.
Make your password very long
If you just do one thing, make sure your password is long. Length is now the most important factor in determining how hackable your password is. Longer passwords are more resilient to brute force attacks, where hackers attempt to guess your password by trying all possible combinations. A strong password should consist of at least 16 characters.
If you need any convincing, check out the 2023 Hive Systems Password Table below to see how fast your passwords can be hacked based on the mix of numbers, letters, and symbols you use. How do your current passwords stack up against this chart?
Use a mix of letters, numbers, and special characters
A strong password should include a combination of upper- and lower-case letters, numbers, and special characters such as !, @, #, $, and *. This mix enlarges the set of characters an attacker has to search, making the password harder to crack.
A password manager will do all of the above work for you.
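To see why length beats complexity, here is an added example (not from the original article) that estimates the brute-force search space behind a chart like the Hive Systems table and checks a password against the two rules above; the attacker speed of 100 billion guesses per second is a constructed assumption for illustration.

```python
import math
import string

# Character classes an attacker must include in a brute-force search once a
# password uses them; together they make up the 95 printable ASCII characters.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation + " "),
}
MIN_LENGTH = 16   # the article's recommendation
MIN_CLASSES = 3   # a "mix" of letters, numbers and symbols

# Assumed attacker speed (constructed): 100 billion guesses per second, in the
# range of a GPU rig attacking a fast, unsalted hash.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365 * 24 * 3600

def classes_used(password: str) -> list[str]:
    chars = set(password)
    return [name for name, members in CLASSES.items() if chars & members]

def charset_size(password: str) -> int:
    """Alphabet size the attacker must search; characters outside the classes count one each."""
    known = set().union(*CLASSES.values())
    size = sum(len(CLASSES[name]) for name in classes_used(password))
    return size + len(set(password) - known)

def keyspace(password: str) -> int:
    """Number of candidates of the same length over the same alphabet."""
    return charset_size(password) ** len(password)

def entropy_bits(password: str) -> float:
    """Each extra character adds log2(alphabet) bits; length is the multiplier."""
    return len(password) * math.log2(charset_size(password)) if password else 0.0

def years_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR

def guideline_problems(password: str) -> list[str]:
    """Return the article's rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    return problems

if __name__ == "__main__":
    for pw in ["P@ssw0rd", "abcdefghijklmnop", "Eggs now cost $6.99!"]:
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, {years_to_exhaust(pw):.2e} years, {guideline_problems(pw)}")
```

An 8-character password drawn from all 95 characters gives about 52.6 bits, while 16 lowercase letters give about 75.2 bits, which is why the length rule comes first.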
How to create a strong password you can remember
Yes, there are times when you need to be able to memorize a password. I gave the email example above, and you also need to memorize the login for your password manager itself, for obvious reasons.
Use a passphrase instead of a password
One of the easiest ways to remember a long, strong password is to use a passphrase, a series of words or a sentence that is easy to remember but difficult to guess. For example, “Eggs now cost $6.99!” is a strong passphrase that combines words, numbers, and special characters. (Yes, spaces can often be used as special characters. If they can’t, I use a period or another allowed special character or just take them out.)
Avoid common words and phrases
Avoid using common phrases or quotes and easily guessable information like birthdays, pet names, or favorite sports teams, books, and movie titles in your password. Hackers use information scraped from social media and dictionary attacks, where they systematically try combinations of common words in the dictionary to crack passwords (and yes, they know to substitute zeroes for "O," etc.).
Use a password manager
A good password manager will use state-of-the-art security and be easy to use, including suggesting strong passwords when you create new accounts. And it should work on all your devices for easy access. I use the Dashlane Friends & Family Plan ($7.49 per month), which covers 10 members. It checks all of the boxes and makes it easy for me to share passwords securely. It also offers phishing protection and dark web monitoring. I also recommend 1Password ($2.99 per month for one person or $4.99 per month for five users), which has similar features plus the ability to securely share passwords even with others who don't use 1Password.
Both of the programs I recommend are based on the principle of private keys that only you control to unlock your data. And your encrypted passwords on their servers are salted and then passed through hundreds of thousands of re-encryption iterations, making it impossible to crack using today's technology, even if a bad actor was somehow able to get access to the data.
Password managers will also protect you against phishing attacks because they will only offer to fill in a password on the site whose URL it was saved for, not on a look-alike address.
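The salting and iteration described two paragraphs up, shown as an added example rather than either product's actual code (the article does not give their algorithms or parameters): a master password is combined with a random salt and stretched through PBKDF2-HMAC-SHA256 with an assumed 600,000 iterations, and verification uses the stored salt and a constant-time comparison.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor, "hundreds of thousands" of iterations
SALT_BYTES = 16        # a fresh random salt per user defeats precomputed tables
KEY_BYTES = 32

def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a fixed-size key; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)

def make_record(password: str) -> str:
    """Build the stored verifier as iterations$salt$key (salt and key base64-encoded)."""
    salt = os.urandom(SALT_BYTES)
    key = derive_key(password, salt)
    return "$".join([str(ITERATIONS), base64.b64encode(salt).decode(), base64.b64encode(key).decode()])

def verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    iterations, salt_b64, key_b64 = record.split("$")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(key_b64)
    candidate = derive_key(password, salt, int(iterations))
    return hmac.compare_digest(candidate, expected)

def attacker_guess_rate(fast_hash_rate: float, iterations: int = ITERATIONS) -> float:
    """Every guess costs the attacker the same iterations, so their rate drops by that factor."""
    return fast_hash_rate / iterations

if __name__ == "__main__":
    record = make_record("Eggs now cost $6.99!")
    print(record)
    print(verify("Eggs now cost $6.99!", record), verify("eggs now cost $6.99!", record))
    print(f"{attacker_guess_rate(1e11):,.0f} guesses/s instead of 100,000,000,000")
```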
Add two-factor authentication
Once you have a strong password, back it up with two-factor authentication (2FA). This adds an extra layer of protection, requiring not only your password but also a unique code generated by an authenticator app or sent to your mobile device or email for login. That way, even if your password is revealed through a phishing attack (you didn't really manually enter a password on that fake Facebook login link, did you?), your account will still be protected.
A strong password is essential to your online security. It’s your shield against unauthorized access to your accounts and personal information. By following the guidelines above, you can significantly bolster your digital security and enjoy peace of mind that your passwords are safeguarding your digital life.
[Image credit: Hive Systems, strong password photo concept via Adobe Firefly]