Are you one of the estimated 66% of people who use the same password for multiple accounts? It’s understandable, as it’s easy to get frustrated trying to keep track of all the passwords we need to use.
Despite that frustration, it’s crucial to choose a strong, secure, unique password for each website or service. It’s also important to set up and use passwords to log into your computer, tablet, smartphone, and other devices.
Tips To Create a Safe Password
So how do you choose a secure password? And how do you keep it safe? As a technical support specialist, I’m going to share my top tips for creating a safe password.
Make It Long
Choose a password that is at least 12 characters long. The longer the better. Websites have certain requirements for passwords. Most reputable sites will require a minimum number of characters, but most allow you to use more than what is recommended. If you have that option, take it.
Mix It Up
Use a combination of upper and lower case letters, numbers and special characters. Each website is different, and some actually require you to incorporate a mix of these. Even if a site doesn’t, you should still mix it up.
Spice It Up
Nearly a quarter of U.S. adults have admitted to using some variation of the following passwords:
Don’t use a common word or phrase, and don’t use anything generic. It’s way too easy for a potential hacker to guess.
Leave Personal Information Out
Another problem is using personal information in a password. Avoid meaningful names and dates in your passwords.
Most people have social media accounts nowadays, and some share a lot of personal information on these sites. The content you post on social media is just one way a hacker can find your personal information and then try to use it to guess what your password is.
If you talk about your pet a lot on Facebook, know that your pet’s name is easy to “harvest,” so you shouldn’t use it in a password.
Use a Password Generator
Use a password generator to generate a secure, random password. Companies including Norton and Avast have password generators that I’ve used in the past.
If you use a password manager, most of them include a password generator within the program.
Never Use Old Passwords
Do not recycle old passwords, and don’t choose a password that is similar to something you have used in the past. Always choose a new, completely unique password.
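The creation tips above can be combined into one small tool. The following Python example is added here for illustration and is not code from the original article or from any product it names. The function names, the symbol set, the 16-character default and the 0.7 similarity threshold are assumptions.

```python
import secrets
import string
from difflib import SequenceMatcher

# Character classes from "Mix It Up". The symbol set is an assumption,
# since sites differ in which special characters they accept.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{}",
}
MIN_LENGTH = 12  # minimum length from "Make It Long"


def generate_password(length=16):
    """Return a random password with at least one character from each class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(group) for group in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def audit_password(candidate, personal_terms=(), old_passwords=(), similarity=0.7):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    for name, group in CLASSES.items():
        if not any(c in group for c in candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    # Names and dates you post publicly (pet, birthday) must not appear in the password.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    # Flag near-copies of earlier passwords, not just exact reuse.
    for old in old_passwords:
        if SequenceMatcher(None, lowered, old.lower()).ratio() >= similarity:
            problems.append("too similar to an old password")
            break
    return problems
```

Run `audit_password` only on your own machine, and pass in old passwords and personal terms from memory or your password manager rather than storing them in a file.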
Tips To Keep Your Password Safe
Now that we’ve reviewed several ways to create a safe password, let’s look at how to keep your passwords and personal information safe.
Use a Different Password for Every Website
I cannot stress enough how important this is: Choose a unique password for each site you visit.
If a hacker gains access to one of your accounts and you use that same password on other websites, the crook will most likely be able to log in to every account where you use that password. This could include your bank account, brokerage account, email account, utility accounts and more. You could end up being a victim of identity theft, which could potentially ruin you financially.
Change Your Password Regularly
Make it a habit to change your password regularly. I recommend that you do it every three to six months. Many people are reluctant to do this because it is time-consuming, but it is critical. Set a reminder on your calendar to do this regularly.
Change Your Security Questions
When you change your password, you should also change your security questions. Most of the time when you set up an online account, you will be prompted to select several security questions that would allow you to access your account in case you forget your password. Some sites also prompt you for the answer to one or more of these questions when you log on.
If a hacker gains access to your account, they also gain access to the security questions. And never use a common answer to these questions. For example, the questions may be something like, “What is your mother’s maiden name?” or “What street did you grow up on?” or “What was the name of the first school you attended?”
I recommend that you never use real answers to these questions. Instead, use a password generator to generate a password and then use that as the answer to the questions. That will make it much harder for the questions to be answered.
For example, someone who knows you or who goes to your social media sites may be able to guess the answer to common security questions, but if you don’t use a real answer they won’t be able to guess.
I log all of my security questions and answers in my password manager so that if I ever need them, I can easily look them up.
Use Multi-Factor Authentication
This tip adds another layer of security to your information. Multi-factor authentication grants a user access to a site or program only after the user provides two or more forms of authentication. It uses a combination of something you know, something you are or something you have.
Something you know can be a password, a PIN or a passphrase. Something you are is normally some form of biometrics such as a fingerprint, iris pattern or voice or facial recognition. Something you have could be your cell phone or a token.
Use a Password Manager
A password manager is a secure database that allows you to save your passwords safely. You will use a master password to log in to the program, and that is the only password you will need to remember. All of your other passwords will be saved in the password manager.
I recommend LastPass and Bitwarden.
Keep Your Passwords Private
Do not share your passwords with others. You never know what someone else may do — even a friend, relative or significant other.
There have been many cases where a couple breaks up and one of them uses the other’s information for malicious purposes or just to snoop. If you do end a relationship with someone who may have your login information, change your password immediately.
And never write your passwords down. As I suggested before, use a password manager to keep track of your login information. I work in IT and I can’t tell you how many times I have gone to someone’s desk to help them with a problem and found their password written down on a Post-It note stuck to their computer screen.
Do Not Log In Using a Computer or Device You Do Not Own
Never enter your password on another person’s computer. It could be saved without your knowledge. This is especially important if you are using a public computer.
If you’re using your computer or other devices on public Wi-Fi, don’t visit any websites that require you to log in to an account (email, your bank, online shopping, your credit card company, etc.). When you are connected to public Wi-Fi, your data can be intercepted easily.
Better to be safe than sorry: Wait until you get home to access those sites.
Protect Your Computers and Other Devices
Be sure to password-protect your computers, tablets, cell phones and any other devices. This prevents someone who has physical access to those devices from logging in.
Avoid Saving Your Password in Your Web Browser
Some web browsers, including Firefox, Google Chrome and Microsoft Edge, allow you to save and store your password. While this is convenient, passwords can easily be viewed in the settings menu of each browser.
While some browsers may require you to enter a master password to view your saved passwords, the setting may not be turned on by default.
If you do choose to save your passwords, be sure to require that a master password is entered to view them. Each browser is different, but you can find this option under the Settings menu.
Watch Out for Phishing Attacks
Be careful when you receive an email or text message that contains links or prompts you to log in, change your password or provide any personal information. Even if it seems like it’s from a legitimate source or someone you know, it could very well be a phishing scam.
In a phishing scam, whatever information you provide goes right to the hacker, so be sure to verify that the email or text is legitimate. Instead of clicking the link or responding to the message, go to the company’s website directly using a web address that you know to be correct, or call the person on the phone to verify.