A password is a unique key that lets you access your various online identities. Whether we are talking about shopping, banking, or gaming, it is an essential part of your online identity. With the advancements in hacker technology, and how companies may or may not report data breaches, it’s always a good idea to maintain a secure password that you can remember but also protect you from online identity theft or scams.
Here are five tips on making a secure password
1. Don’t be afraid of using password generators
Online password generators are now a dime a dozen. Googling them will let you find a few websites that will generate one for you. These websites will just generate one for you, and there is no way for them to remember what string you copy/pasted or used.
Further, these sites don’t know which email address these passwords are going to be used with, so you can rest easy knowing that even though these websites are making your virtual key for you, they don’t know what identities they’re being used with, or which password you chose to use.
While you might be apprehensive of using some sites, a few reliable sites like Norton and LastPass have the facility for free on their website.
If you’re using a password manager app like 1Password, DashLane, Bitwarden, etc. They also offer the ability of a password generator in their extension. In addition, all leading web browsers (Firefox, Edge, and Chrome) offer the facility of making a safe password for you and remembering it for you too. Just don’t settle for easily guessed passwords such as your birth date or even “123456”.
2. Invest in a password manager
A password manager is a saving grace on the internet. It basically acts as a virtual keychain. Instead of you remembering every password for all of your accounts, a password manager takes care of all of that for you, and you just have to remember the password to that particular password manager.
The internet is flooded with many password managers with 1Password, DashLane, and Bitwarden being some of the best when it comes to being free. However, if you wish to avail of their premium features, Bitwarden offers a truly amazing price of $10 for an individual account for a whole year. You can head to each of the password manager pricing pages and compare which one offers the best package in terms of price, convenience, and more.
With a password manager, you can install it on your phone, tablet, and laptop for a complete solution. This way all your passwords are always with you. If you’re worried about someone accessing these apps without your permission, you can lock them on each respective platform behind Face ID, fingerprint, pin, password, and more in the settings.
3. Making your own unique password
If you don’t want to remember a jumble of letters and numbers (who does?) then you can think out of the box and make something unique. One of the most popular methods is the XKCD method, which was made popular by a webcomic of the same name.
Just like any other recommendation. A good password should ALWAYS contain:
- A number (the more the better)
- A combination of upper (APPLE) and lowercase (apple) characters (ApPlE)
- Don’t use a single word or a sequence (Apple1234, Security7890, etc.)
- Don’t make a password something easy to guess. Your hometown name, your spouse name, your own name etc. Always use something random
- Make passwords 10 characters minimum and 20 characters maximum. Too short is too easy to guess, too long is easy to forget.
- Include symbols and other characters (#$^&)
- Don’t recycle passwords. If you have Password123 for your Amazon account, don’t use it for your Netflix.
4. Regularly check if you have been pwned
Haveibeenpwned is a free and reliable website that informs you if your password has been compromised on a site. Enter your email account and you will be told if a password associated with that account is compromised or not, and which site is responsible. If you have that password saved on your web browser or a manager, it is strongly recommended to change that one ASAP.
Remember, due to how laws vary between countries, some companies choose not to report data breaches, as opposed to the ones that do. Once every 3-4 months, drop a visit to the site, put your emails through the website, and see if any new passwords have been compromised. If they have, then promptly change them.
5. Do a password audit once a year
Once a year, sit down with a cup of coffee or tea and look through your year. Take a half-hour or an hour to look back at attempted logins to your account via emails and see which password was the weakest link of the bunch. In terms of importance, change your weakest passwords first. The one that has had more than 3 attempts in a year.
Use a password generator, and update the password for all of your websites once a year. Even the ones that didn’t have a hacking attempt on them. It’s good to always keep a fresh password detox once a year.
Bonus Tip: Make sure you have 2 Factor Authentication (2FA) enabled wherever possible. We will make a detailed guide on this very soon and update this guide with a link to it too!
