The ingredients for a strong password
Basically, you're looking for a password that's easy to remember but impossible to guess. It is possible to strike a balance between reliability and something a person can reasonably remember. To create passwords like a pro, follow our best practices, backed by reputable local and international organizations such as the National Institute of Standards and Technology (NIST) in the United States.
The rule of thumb: Longer passwords are more secure
Experts say that a simple seven-character password can be cracked in a few milliseconds. According to the NIST and the Commission Nationale de l’Informatique et des Libertés (CNIL) (French only), a password needs to be at least 12 characters long to be strong. And a password with 21 characters is virtually unhackable using current technology.
You may not want to use the maximum number of characters, but keep in mind that every character you add increases your password security exponentially.
Afraid of forgetting such a long password?
To come up with a long password you'll remember, you can think of a sentence that will only make sense to you, like "I love living in a turtle," or a series of random words like "banana oven coffee clock," i.e. four items that you can find in your kitchen. You can write the phrase without spaces between the words to get “Ilovelivinginaturtle” and “bananaovencoffeeclock.”
Good to know
- Contrary to popular belief, using special characters no longer increases the strength of a password. In fact, a long phrase with more than three words is stronger than a single word filled with % signs. Even so, some sites still require special characters to be used in users’ passwords.
- If this is the case, choose a phrase with 4 to 5 words and insert special characters as needed, such as symbols (“!$%?&*;:=+()/”), numbers, and uppercase and lowercase letters.
- Contrary to what many people think, a strong password doesn’t need to be changed. If it’s solid and unique, the best practice is to change it only if you think you’ve been a victim of fraud.
Common pitfalls when creating passwords
Here are the most common pitfalls to avoid to help you safely use technology:
Making your password too short and simple
In order to remember a new password, some people will be tempted to pick a short, familiar password. Here are some examples: a series of numbers (“12345”), letters in alphabetical order (“abcd”), your year of birth (“1956”) or the name of your dog (“Fluffy”). These types of passwords are easy to hack and should be avoided at all costs.
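A sign-up or password-change form can reject these patterns before they are ever stored. The check below is an added example, not code from the original article; the function names and the `personal_terms` parameter (names or dates the site already knows about the user) are hypothetical.

```python
import re

MIN_LENGTH = 12  # minimum length the article gives for a strong password

def is_sequential(text):
    """True when every character directly follows the previous one,
    as in "12345" or "abcd"."""
    return len(text) >= 3 and all(
        ord(nxt) - ord(cur) == 1 for cur, nxt in zip(text, text[1:])
    )

def find_pitfalls(password, personal_terms=()):
    """Return the pitfalls this password falls into (empty list: none found)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if is_sequential(lowered):
        problems.append("sequence")
    # A bare four-digit year such as a year of birth.
    if re.fullmatch(r"(19|20)\d\d", password):
        problems.append("year")
    # Pet names, first names and similar terms tied to the account holder.
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("personal term")
    return problems

if __name__ == "__main__":
    # Constructed inputs: the article's own examples plus one long phrase.
    for candidate in ("12345", "abcd", "1956", "Fluffy", "bananaovencoffeeclock"):
        print(candidate, "->", find_pitfalls(candidate, personal_terms=["Fluffy"]))
```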
Keeping your passwords in an unsecured location
Storing your passwords on your phone, in an email or in a notebook is never a good idea. Keeping your passwords in an unsecured location means that your information is likely to be compromised if your devices or other belongings are lost or stolen.
Sharing your password
When it comes to passwords, confidentiality is the top priority. When you disclose your password to another person, you're giving up control. Even if they don't have any bad intentions, they could lose your password or reveal it to someone else. In short, you've increased your risk of identity theft.
Using the same password for all your accounts
There are tools that track various leaks and can help you determine whether your email password was stolen following a security breach. All you have to do is enter an email address – no password needed. These lists aren’t exhaustive, so if your email address isn’t there, it’s no guarantee that your login information hasn’t been stolen.
Password managers: A smart option
Internet users have a multitude of online accounts. While experts recommend creating separate long passwords for each account, remembering hundreds of them is virtually impossible.
Using a password manager is a great idea for people with a large number of passwords.
What does it do?
A password manager will save you the trouble of memorizing all your different passwords. It will also generate passwords for you automatically.
How does it work?
These online tools store all your passwords in one place. You just use a single password, which serves as a “master” password. When you enter this master password, the app will automatically fill in the fields when you log into your various accounts.
Is it secure?
Since these password managers are a point of entry to all your accounts, your master password needs to be solid. A strong unique password is key when it comes to using this type of tool effectively. We also recommend using two-factor authentication to access your password manager.
We always recommend checking the source before entering your precious personal information, so be careful when shopping online for apps that will be granted access to your accounts and information. Do your research using trustworthy sources to find tools with a good market reputation. That way, you can ensure reliability and security. Once you know how to create strong passwords and how to manage them, make sure to stay cautious.
With the advancements in biometric authentication – like digital fingerprints or facial recognition – passwords appear to be on their way out. But until we see what the future holds, these tips will surely help you manage your passwords.
To learn more, find out how to avoid becoming a victim of phishing and Internet fraud.