Create and Use Strong Passwords

Your first line of defense in cybersecurity.

 

 

Passwords are the keys to safeguarding your digital and online life. They are often your first line of defense, and knowing how to create strong passwords is one of the most critical aspects of everyday cybersecurity.

 

 

The power of long, unique, and complex passwords

 
For maximum security, remember three principles: 
1. Long
Passwords should be at least 16 characters long. The longer your password, the longer it takes for hackers to crack it using brute force techniques. Right now, an eight-character password takes a few minutes for hacker software to guess by trying every combination of letters, numbers, and symbols. A 16-character password takes an estimated billion years to guess.
 
2. Unique
Each account should have a unique password. If you reuse passwords, don’t feel ashamed. Reusing passwords is a bad habit many of us are guilty of, but you can start changing your habits today. Reusing passwords across multiple accounts can cause huge headaches. If one account is compromised, unique passwords ensure your other accounts remain secure. Small tweaks like adding a number or a special character aren’t enough; each password should be entirely distinct. You can use a password manager to create and store unique passwords for all your accounts to help keep track of different passwords. 
 
3. Complex
Passwords should include a mix of uppercase and lowercase letters, numbers, and special characters (like @, !, or $). Some platforms even allow spaces. The strongest passwords are a long string of random characters, not identifiable words, names, or dates. However, even if your passwords are random, we recommend they are each at least 16 characters long.
 
By using strong passwords, you’re taking a crucial step toward protecting your digital identity. 
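
The three principles above can be combined in a short script. This is an added example, not part of the original guidance: it draws 16-character passwords from the operating system's secure random source, requires every character class, and creates a separate password per account. The symbol set and account names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: illustrative symbol set; adjust it to what a given site accepts.
SYMBOLS = "!@#$%^&*()-_=+[]{}"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 16  # the minimum length recommended above


def generate_password(length: int = MIN_LENGTH) -> str:
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retrying (instead of patching characters in) keeps the result uniform.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def keyspace_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def generate_unique(accounts: list[str], length: int = MIN_LENGTH) -> dict[str, str]:
    """One independent password per account, never derived from another."""
    vault: dict[str, str] = {}
    for account in accounts:
        pw = generate_password(length)
        while pw in vault.values():  # astronomically unlikely, checked anyway
            pw = generate_password(length)
        vault[account] = pw
    return vault


if __name__ == "__main__":
    for n in (8, 16):
        print(f"{n} random characters: {keyspace_bits(n):.1f} bits")
    # Constructed account names for the demonstration.
    for account, pw in generate_unique(["email", "bank", "social"]).items():
        print(account, pw)
```

Doubling the length doubles the number of bits, which squares the number of combinations an attacker has to try. Store the generated passwords in a password manager instead of in a file or a note.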
 
Should I use multi-factor authentication too? 
 

Multi-factor authentication (MFA) adds an additional layer of security to each of your accounts. When you turn on MFA, you use more than a password to log in. This might be a facial scan, a text message code, or a special authentication app. We recommend turning on MFA for every account that permits it. Find out more in our guide to MFA!

How often should you change your passwords?
 
If your passwords are already long, unique, and complex, there’s typically no need to change them unless: 
    • You suspect unauthorized access to your account. 
    • You receive notification of a data breach involving your account. 
While it was common practice to change passwords annually or biannually, that is no longer the latest recommendation from industry experts. Changing passwords too frequently can lead to weaker habits, such as reusing old passwords or creating overly simple ones. Stick with long, strong passwords and update them only when necessary. 
 
 
What about passkeys?

Passkeys are an exciting new technology that removes the need for passwords. Instead of entering a password, passkeys typically have you log in with a secure device (like a phone) and use biometrics, like a facial scan, to verify your identity. They are easy to set up and worth checking out.

 

 

Source: National Cybersecurity Alliance
