Passwords are the necessary evil of our modern world. Every new website or service requires you to create a username and password, and keeping track of all of them can be a huge task in itself. Passwords don’t have to give you anxiety though! They can actually be really simple if you know how to create a strong password.
Strong Password Recommendations Have Changed
For many years we’ve been told the only secure passwords are a mixture of uppercase, lowercase, numbers, and special characters. Unfortunately, these requirements just led to the same kinds of passwords being created. Everyone just stuck a number and an exclamation point at the end of their password and called it good.
Recently the organization responsible for researching and reporting on security standards, NIST, came out with some new password recommendations that can help users create strong passwords. The really good news here is that they no longer recommend frequently changing your password or using complexity! They do highly recommend using 2FA (2-factor authentication) though.
What is 2FA?
2-factor, or multi-factor (MFA) authentication requires something you know and something you have. The something you know is your standard password. The something you have is like your phone or a token. When you log in to your GMail you would enter your password, and then the website would text you a code that you would enter. The password is something you know and the code received on your phone is something you have.
Using 2FA can help prevent a huge number of security breaches. Don’t assume that with 2FA turned on you will be immune to security risks though. Some really smart phishing scams can get you to enter your 2FA code so they can use it to log in to your account. I highly recommend using 2FA on any account you can.
Details on How to Create a Strong Password?
Complexity has given way to the password length. The longer the password is, the harder it will be to crack. Regardless of how many different characters are included. These days there are supercomputers that can try thousands of password combinations every second. If there is a short password that looks like j4R*0seP it will still be easier to crack than a password like cakeframesodadoormovie. This is because the supercomputer will be trying all of the special characters and numbers as well now.
Passwords that fit the new standard should be a long string of random words put together. Not only does this make it easier for you to type in or remember, but it also creates the length necessary to be secure. I love using movie quotes for my passwords. Simply find words that fit together in YOUR mind, and use them.
Some websites or services haven’t quite caught on to the new strong password recommendations, and don’t allow you to have a password as long as I would prefer. I would at least try to maximize the restriction, so a password that can only be between 8-20 characters, I would definitely make it 20 characters long. This is an easy way to up your password game.
When to change your password
As I mentioned, the recommendations no longer require you to change your password frequently. However, they do recommend changing it anytime the password is compromised. If you give your password to someone, time to change it as soon as they are done. If there is a massive breach at a service you use, time to change your password.
You can check to see if your password has already been compromised on this website. It will tell you exactly which service compromised your password, so you can change it. Breeches happen frequently, which is one reason it is smart to have a different password for each service you sign up for.
Use a password manager
If you have different passwords for each website, how are you supposed to keep it all straight though? I prefer using a password manager like LastPass. You can install an extension on your browser that will automatically put the passwords into the websites you are trying to login to.
It’s also super helpful when you get a new phone. I always install the LastPass app first so when I download the other apps, LastPass can help me log in to them automatically as well.
Finally, LastPass can help you find which websites are using the same compromised password so you can change those as well.
So, stop using that same password you’ve had since 2005 and create a strong password today!
This post may contain affiliate links, which means I receive compensation if you make a purchase using the links.
Sarah Kimmel is a digital parenting coach and family tech expert. She has spent the last 16 years of her career as a Microsoft Certified IT Manager supporting over 100 small businesses. During that time she started Family Tech LLC to help families understand and manage the technology in their home. She has regularly appeared as a family tech expert on KSL News, BYUtv and Studio 5, and has been invited all over the world from tech companies like Lenovo, Verizon, Microsoft, Dell, and Samsung. Find out more on her website SarahKimmel.com