October 2018
Passwords are the key to almost everything you do online, and you probably have multiple passwords that you use throughout the day. Choosing hard-to-hack passwords and managing them securely can sometimes seem inconvenient. Fortunately, there are simple ways to make your passwords as secure as possible. Doing so can keep hackers from taking over your accounts, and prevent theft of your information (or money from online banking!).
These 7 tips will help make your digital life more secure.
Never reveal your passwords to others. You probably wouldn’t give your ATM card and PIN to a stranger and then walk away. So, why would you give away your username and password? Your login credentials protect information as valuable as the money in your bank account. Nobody needs to know them but you—not even the IT department. If someone is asking for your password, it’s a scam.
Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk.
Use multi-factor authentication (MFA). Even the best passwords have limits. Multi-Factor Authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in.
Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible.
Make passwords that are hard to guess but easy to remember.
- To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.
- Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
- Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, car model, etc.). If your friends can find it, so will hackers.
Complexity still counts. To increase complexity, include upper and lower case letters, numbers, and special characters. A password should use at least 3 of these choices. To make the previous example more secure: “Bread & butter YUM!”
Use a password manager. Password management tools, or password vaults, are a great way to organize your passwords. They store your passwords securely, and many provide a way to back-up your passwords and synchronize them across multiple systems. Though the University does not recommend any one solution, here are some examples of free password managers*:
MAKE IT A HABIT! For other effective cybersecurity habits, check out UC’s “Make It a Habit” webpage at https://security.ucop.edu/resources/security-awareness/habits.html.
See the full "Lock Down Your Login" Awareness Toolkit
---
* Endorsem*nt not implied
Credits: This article is based on content generously contributed by UCSB Information Security. Image courtesy of UCSC Information Security.
FAQs
Make passwords that are hard to guess but easy to remember.
- To make passwords easier to remember, use sentences or phrases. ...
- Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
Here are four tips that will help you create a strong password that's also easy to remember.
- Don't Reuse Passwords. Though it sounds convenient, try to not reuse a password for multiple accounts. ...
- Use a Password Manager. ...
- Create a Random Password. ...
- Don't Use Personal Information.
At least 12 characters long but 14 or more is better. A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organization. Significantly different from your previous passwords.
What are four 4 best practices for passwords? ›
Password Best Practices
- Never reveal your passwords to others. ...
- Use different passwords for different accounts. ...
- Use multi-factor authentication (MFA). ...
- Length trumps complexity. ...
- Make passwords that are hard to guess but easy to remember.
- Complexity still counts. ...
- Use a password manager.
Create A Strong, Long Passphrase
Strong passwords are considered over eight characters in length and comprised of both upper and lowercase letters, numbers, and symbols. The US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember and difficult to crack.
What is a common password guessing technique? ›
Brute-force attack
The longer the password, the longer it takes. Brute-force attacks are most successful when users have common or weak passwords, which can be “guessed” by tools in a matter of seconds. Cracking a strong password might take a few hours or days.
What is the best method to keep passwords? ›
A password manager (or a web browser) can store all your passwords securely, so you don't have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).
Which is the strongest password in the world? ›
Try to include numbers, symbols, and both uppercase and lowercase letters. Avoid using words that can be found in the dictionary. For example, swimming1 would be a weak password. Random passwords are the strongest.
How to pick a strong password? ›
Choosing a Strong Password
- Make your password into a passphrase . The longer a password is, the more difficult it will be to attack the password by guessing (or brute force). ...
- Use unique passwords. ...
- Avoid publicly available information. ...
- Avoid common words. ...
- Change it periodically.
Start with a phrase or acronym that's easy to remember, substitute some letters with numbers and symbols, mix in uppercase and lowercase letters, and ensure it's at least 12 characters long. Let's use the phrase "When pigs fly" to create a strong password: "#! WhenP1gZFlY#!".
You can check if the password manager has a user-friendly interface by reading reviews or looking at screenshots if they are in the public domain. Ideally, the system should use clear language, avoid jargon, and browser extensions should work automatically.
Which of the following should avoid while choosing a password? ›
Don't use any word found in a dictionary longer than three letters. Hackers use automated programs to crack passwords using special programs that scan for any word found in a dictionary. This includes any word spelled backwards. Don't use numbers in place of letters. For example, "Password" becomes "Pa55w0rd."
What should you keep in mind while choosing an effective password? ›
The passwords must be long and as complex as possible. It should contain at least ten characters and combine symbols like commas and percent signs, as well as upper case and lower case letters and numbers. Never write down your password as it makes it easier for the passwords to be stolen and used by someone else.
How should I organize my passwords? ›
A dedicated password manager is the best way to organize and protect your passwords. With a password manager, you can easily access all of your passwords in one secure place. It often comes with many automated features that make securing and organizing your passwords much easier.
Where is the safest place to save passwords? ›
If you prefer convenience over security, a password manager is a secure way to store passwords online. When storing passwords offline, a paper password book is the best option. Because pen and paper cannot be hacked, they can keep your passwords safe for years to come.
What is one of the best practices in storing passwords? ›
Hashing and encryption can keep sensitive data safe, but in almost all circ*mstances, passwords should be hashed, NOT encrypted. Because hashing is a one-way function (i.e., it is impossible to "decrypt" a hash and obtain the original plaintext value), it is the most appropriate approach for password validation.
October 2018