How to Make Sure Your Password is Actually Safe
Published on April 17, 2014
With security malfunctions, bugs (like the recent Heartbleed bug), and hackers, the passwords you want to keep secret may not be as safe as you think.
How can you strengthen your passwords against these threats? Here are some great tips.
Use a Secure Password Generator and Manager
Many hackers are able to identify passwords based on patterns and expectations, and substituting a "3" for an "e" or capitalizing a few random letters is just not enough anymore.
Additionally, if you are the type of person who likes using the same password for everything (just so you don't have to remember multiple passwords), remember: if one goes down, they ALL go down. Having varied, unrelated passwords is the best way to combat this.
The most secure way to create long, random, complex passwords is to use a password manager, like LastPass, KeePass, or 1Password. These not only store your passwords for you, they also create random passwords for you that you don't have to remember.
LastPass is our favorite. It is extremely secure, browser integrated, includes organization and password storage, generates random, complex passwords, and is completely free.
Avoid Predictable Password Formulas
If you'd rather manage all of your passwords yourself, make sure you're avoiding predictable formulas, like these:
- Common name, place, or word as the root: "soccer"
- Capitalize the first letter: "Soccer"
- Add a number, probably at the end: "Soccer14"
- Add a common symbol at the end: "Soccer14*"
These patterns are a dead giveaway to password hackers. The solution? Don't do what everyone else is doing: avoid the pattern above, and remember these 3 golden rules:
- DON'T use a single dictionary word, name, or date
- Use a mix of character types, including spaces
- Make your password as long as possible
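The formula above can be checked mechanically before a password is accepted. The following is an added example, not part of the original article: it reports which steps of the formula a password follows. The word list `COMMON_ROOTS`, the substitution table and the function name `formula_findings` are assumptions made for illustration.

```python
import string

# Constructed sample roots; a real check would load a large word, name and place list.
COMMON_ROOTS = {"soccer", "password", "dragon", "summer", "apple"}

# Undo look-alike substitutions such as "3" for "e" before the dictionary lookup.
UNLEET = str.maketrans("30145@$", "eolasas")


def formula_findings(password):
    """Return the steps of the predictable formula that this password follows.

    An empty list means the password is not a known root plus decoration.
    """
    stem = password.rstrip(string.punctuation)
    has_symbol = len(stem) < len(password)
    digits_at_end = len(stem) - len(stem.rstrip(string.digits))

    # A trailing digit may be decoration ("Soccer14") or a substituted letter
    # ("appl3"), so try every split point inside the trailing digit run.
    for cut in range(digits_at_end, -1, -1):
        root = stem[: len(stem) - cut]
        word = root.translate(UNLEET).lower()
        if word in COMMON_ROOTS:
            findings = [f"common root: {word}"]
            if word != root.lower():
                findings.append("look-alike substitution")
            if root[:1].isupper() and root[1:] == root[1:].lower():
                findings.append("capitalized first letter")
            if cut:
                findings.append("number at the end")
            if has_symbol:
                findings.append("symbol at the end")
            return findings
    return []


if __name__ == "__main__":
    # Constructed sample passwords, including the article's own example.
    for candidate in ["Soccer14*", "S0cc3r!", "appl3", "kV9 tq#2Lm xw"]:
        print(repr(candidate), formula_findings(candidate))
```

An empty result only means the password does not match this one formula; length and randomness still have to be checked separately.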
Use a Unique Password for EVERY SITE
I know, it sounds like a pain to have a unique password for every website. This is, however, the #1 most important strategy of all, as it limits the amount of damage done if your password ever does get taken.
How do you keep track? The best strategy really is to use a password manager like LastPass, but you can also consider keeping a password-protected, encrypted Excel file on your computer that lists all of your websites and passwords.
Use Random (and we mean random) Passwords
Not only should your passwords vary from website to website, they should also be entirely unrelated to one another. Changing a couple of letters or numbers from password to password, unfortunately, just isn't enough to get a hacker or bug off your trail; they can easily figure out your algorithm.
The rule of thumb is: If you can remember it, someone else can probably figure it out. LastPass can randomly generate these passwords for you in varying lengths and with no relation to one another, or you can go at it yourself.
Did we mention... LastPass?
Yes, we are repeating ourselves, but really, a password manager like LastPass makes managing your passwords a whole lot simpler. It fulfills all of the functions listed above, keeps your information entirely safe, and saves you the headache of having to remember all of your uniquely complicated passwords. For details on how to integrate LastPass into your current stash of passwords, there is a great article from Lifehacker on how to audit and update your passwords with LastPass that we highly recommend you check out.
Bonus - Your Mobile Solution
If you're on Android (your cell phone and/or tablet), the latest version of LastPass's Android app will fill in your passwords for you in your apps and web browsers on your phone or tablet.
Questions? Comments? Don't hesitate to send us an email or give us a call. We'll be happy to hear from you.