Your passwords are a first line of defense against many internet ills, but few people actually treat them that way: Whether it’s leaning on lazy Star Wars references or repeating across all of your accounts—or both—everyone is guilty of multiple password sins.
But while they’re an imperfect security solution to begin with, putting in your best effort will provide an immediate security boost.
Don’t think of the following tips as suggestions. Think of them as essentials, as important to your daily life as brushing your teeth or eating your vegetables. (Also, eat more vegetables.)
1. Use a password manager. A good password manager, like 1Password or LastPass, creates strong, unique passwords for all of your accounts. That means that if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services. The best ones sync across desktop and mobile, and have autocomplete powers. Now, rather than having to memorize dozens of meticulously crafted passwords, you just have to remember one master key. How do you make it as robust as possible? Read on.
2. Go long. Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity. Once you get into the 12-15 character range, it becomes way harder for a hacker to brute force, much less guess, your password. One caveat: Don’t just string together pop culture references or use simple patterns. Mix it up! Live a little! A quick for instance: “g0be@r$” does you way less favors than “chitown banana skinnydip.”
3. Keep ’em separated. If and when you do deploy those special characters—which, if you opt against a password manager, lots of input fields will force you to—try not to bunch them all together at the beginning or end. That’s what everyone else does, which means that’s what bad guys are looking for. Instead, space them out throughout your password to make the guesswork extra tricky.
4. Don’t change a thing. You know how your corporate IT manager keeps making you change your password every three months? Your corporate IT manager is wrong. The less often you change your password, the less likely you are to forget it, or to fall into patterns—like just changing a number at the end each time—that make them easier to crack.