Use longer passwords

Using longer passwords can help make your accounts more secure because it increases the number of possible combinations that an attacker would have to try in order to guess your password. The longer the password, the harder it is to crack.

For example, a password that is eight characters long and consists only of lowercase letters has 208,827,064,576 (26^8) possible combinations. A password that is 12 characters long and includes a combination of uppercase and lowercase letters, numbers, and special characters has 7,776,441,441,441,976,768 (47^12) possible combinations. As you can see, the longer password has significantly more possible combinations, making it much harder to crack.

In general, it is recommended to use passwords that are at least 12 characters long and include a combination of upper and lower case letters, numbers, and special characters. This will help protect your accounts from being compromised by attackers who use precomputed lists of common passwords or automated tools to try and guess your password.

Avoid using personal information

It is generally not a good idea to use personal information in your passwords because this information can often be easily discovered by attackers.

For example, if you use your name, birth date, or address as part of your password, an attacker could potentially discover this information through public records or social media profiles and use it to guess your password.

Additionally, using personal information in your password may make it easier for you to remember, but it also makes it easier for someone else to guess. If you use your name or a family member’s name as part of your password, someone who knows you personally may be able to guess or crack it more easily.

The less information you share publicly, the safer you will be!

If you are a mother, I’m generating custom wordlists based on the names of your children or even the family pet. If I know your pet’s name is Ludwig, I’m probably integrating a German dictionary into my custom wordlists as well. Every morsel of personal information is of great value to an attacker targeting a specific individual.
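The length, character-mix and personal-information advice above can be checked mechanically before a password is accepted. The following is an added example, not code from this article's author; the function names, the tiny common-password sample and the substitution table are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length recommended in this article

# Constructed sample; a real check would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123!"}

# Assumed table of common character swaps, undone before comparing.
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase and undo simple swaps so 'Ludw1g' compares equal to 'ludwig'."""
    return text.lower().translate(SWAPS)


def check_password(candidate, personal_tokens):
    """Return the list of reasons a candidate password fails the advice above.

    personal_tokens holds details an outsider could learn about the owner:
    names, pet names, birth years, street names and so on.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in candidate):
            problems.append("no " + name)

    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")

    folded = normalize(candidate)
    for token in personal_tokens:
        needle = normalize(token)
        # Skip very short tokens, which would match almost anything.
        if len(needle) >= 3 and needle in folded:
            problems.append("contains personal detail: " + token)
    return problems
```

An empty list means the candidate passed every check; it does not prove the password is strong, only that it avoids the specific mistakes described in these two sections.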

Use unique passwords for each of your online accounts

Using unique passwords for each of your online accounts is important because it helps to prevent the compromise of one account from leading to the compromise of all of your accounts. If you use the same password for multiple accounts and one of those accounts is compromised, an attacker could potentially gain access to all of your accounts.

By using unique passwords for each of your accounts, you reduce the risk of this happening. If one password is compromised, the attacker will not be able to use it to gain access to any of your other accounts.

Using unique passwords for each of your accounts can also help to protect your personal information and prevent unauthorized access to your accounts. If an attacker is able to guess or crack one of your passwords, they will not be able to use it to gain access to any of your other accounts.

Use a password manager

A password manager is a tool that helps you generate and store strong, unique passwords for all of your online accounts. This makes it easier to use different passwords for each account and reduces the risk of your passwords being compromised.

Password managers are somewhat controversial in my business, and while I think they ultimately lead to more secure accounts, there are some risks associated with storing all your passwords in a database on a remote server, even if it is encrypted with your own master key.

For more information on password managers, check out our article “Password Managers: Pros vs Cons”.

Use Two-factor Authentication

Ok, so this isn’t really a password tip as much as it is a modern-life tip.

If your site or service supports 2fa or two-factor authentication for your account, enable it immediately!

Simply put, 2fa makes your accounts infinitely more difficult to access by an unauthorized person. With 2fa, once you validate with your traditional username and password, a second method of validation is required, often an SMS text message containing an OTP, or one-time passcode, sent to the mobile phone number associated with your account.

If you’re not a high-value target, most “hackers” would simply move on to their next target at the point of discovering the 2fa requirement for your account. The difficulty level to access the account just exceeded the return of gained access, in most cases. While 2fa accounts have been compromised in the past, this is almost always the result of either a zero-day vulnerability exploited on a high-value target or a target or associate being socially engineered into complicity.

If your site or service does not support 2fa, I would consider finding a different site or service with a more modern approach to user security.

By following these best practices, you can help protect your personal information and prevent unauthorized access to your online accounts.