Password Hygiene in 2 Easy Steps

Everyone hates them, but good password hygiene is the first step to keeping your online accounts secure. Yesterday, we talked about setting up a password manager like 1Password, LastPass or BitWarden. Having one place to keep your passwords is important and today we’ll talk about making sure those passwords are good passwords.

There are two key elements to a good password: uniqueness and strength.

Unique – like you

As we learned yesterday, a recent study found that 60% of respondents re-use passwords between accounts. And as I said, that’s a really, really bad idea.

It feels like every day we learn of a new data breach in which customer information – including names, emails and passwords – is taken from a website by attackers. If the website didn’t store your password with strong protection on its side, that stolen information gets sold and traded, and it’s a huge risk if you use the same password somewhere else.

Let’s take Netflix as an example. Say your password on Netflix is the same as your Facebook and Gmail accounts. If Netflix gets hacked and attackers get your password, they can try to log in to lots of other popular services – like Facebook and Gmail – with the same information. From there, they can spam your friends and wall, and try to get into all your other accounts because they’ve got access to your email.

Using a unique password for each account means they won’t be successful in their attempt to ruin your digital life, outside of taking over your Netflix account.

This is where your password manager comes in handy! You don’t need to remember different passwords for your accounts! Store them in your password manager instead, and let it remember them for you.

Strong Passwords are important

While using a unique password helps protect your other accounts in the event of a data breach, strong passwords help if someone is trying to get into your account specifically.

There are a few things to consider about password strength. First, don’t use a word, phrase, name or date that’s important to you. Don’t use your phone number or your significant other’s. These things can be easy to guess, or found through some online research for a dedicated attacker.

Second, use as long a password as possible. In fact, passphrases are generally better than passwords: take a few words and string them together. They shouldn’t be a quote from your favorite book or song, but four or five (or more) random words. The webcomic XKCD has a great entry explaining why. In their example, correct-horse-battery-staple has a lot of entropy – unstructured information – and is harder for a person or a computer to guess. The shorter your password, the easier it is for an attacker to use a computer to run through every possible combination.
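To put numbers on the XKCD argument, here is an added Python example (not from the original post) that builds a passphrase with a cryptographically secure random choice and compares its entropy with that of a short random character password. The eight-word list is a constructed stand-in, and 7,776 is the assumed size of a standard diceware wordlist.

```python
import math
import secrets

# Constructed stand-in for a real wordlist (assumption: a standard diceware
# list has 7776 words; the entropy math below takes the list size as input).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "cloud", "river", "lamp", "tiger"]
DICEWARE_SIZE = 7776          # assumed size of a full diceware list
ALNUM_SIZE = 62               # a-z, A-Z, 0-9


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy (bits) of `length` symbols drawn uniformly from `alphabet_size` choices.

    This is log2 of the number of equally likely passwords, which is what
    matters to an attacker enumerating every possible combination. Note that
    a word is one "symbol" here: four random words have no more structure
    than four random characters, just a far larger alphabet.
    """
    return length * math.log2(alphabet_size)


def generate_passphrase(wordlist, n_words: int = 4, sep: str = "-") -> str:
    """Pick n_words uniformly at random (with replacement) using the OS CSPRNG.

    `secrets.choice` is used rather than `random.choice` so the selection is
    not predictable from a seed.
    """
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the password at a given guess rate.

    On average an attacker covers half the keyspace before hitting the
    right value, hence the division by 2.
    """
    return (2 ** bits) / 2 / guesses_per_second


if __name__ == "__main__":
    phrase_bits = entropy_bits(DICEWARE_SIZE, 4)     # four diceware words
    short_bits = entropy_bits(ALNUM_SIZE, 8)         # eight random alphanumerics
    print(f"4-word diceware passphrase: {phrase_bits:.1f} bits")
    print(f"8-char alphanumeric password: {short_bits:.1f} bits")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```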

Save your creativity for important things. Your password manager can make up a new password for you! Here’s an example of 1Password suggesting a new password for my Facebook account. I’ll never remember that password, but if I have 1Password on my phone and computer, I’ll never need to.

A password manager suggesting a strong password for an account.

Sometimes, sites have random and difficult requirements, like using a special character, a number and upper & lower-case characters. These requirements don’t actually make your password more secure! Go ahead and use your password manager to create a strong password, then adjust it to fit the requirements.

Should I change my passwords regularly?

It used to be common practice to suggest people change their passwords every 6 months. There’s actually no need for this. If you’re using strong and unique passwords, the only time you need to change them is when someone else gets hold of your password.

You might be overwhelmed about which non-unique passwords to start changing. That’s totally understandable — tomorrow, we’ll look at a way to prioritize them.
