You just took the cutest picture of your cat, Julie, and can’t wait to share it with your friends and family on Facebook. But is your Facebook password “Ju1i3theC@t” and your Twitter password “Ju1i3theC@t123” … or is it the other way around?
It’s been thought for years that the strongest passwords were made up of a complex combination of lowercase and uppercase letters, numbers and symbols. However, it didn’t take cyber criminals and algorithms long to learn how to crack these passwords. In some cases, they didn’t even have to. The more complex passwords become, the more difficult they are to remember, and people resort to writing them down — putting their security at serious risk.
To create strong passwords you can actually remember, the U.S. National Institute of Standards and Technology recommends using the latest password-creation technique: not using a password at all. Instead, NIST recommends using long passphrases.
Passphrases and why you should be using them
A passphrase is a string of seemingly random words that have unique meaning to you. For example, a passphrase like “Blue Horse Closet Printer” is much more difficult for cyber criminals to crack, but it still has meaning to you, making it easy for you to remember.
Including spaces, starting each word with a capital letter and making your passphrase long will make your passphrase even harder for hackers to figure out. Just be sure that you don’t include any easily discoverable personal information (like your birthday, anniversary, city you live in or relatives’ and pets’ names) in your passphrase. If you post a new picture of Julie the cat every week, it would be easy for a hacker to guess that she’s included in your passphrase.
Now that you know how to create a strong passphrase, follow these tips to ensure you’re doing everything you can to further protect your accounts.
1. Avoid changing your passphrases too often.
Another best practice that used to be recommended was changing your complex password as often as every 90 days. Unfortunately, this practice led people to transform their password only slightly, reuse old passwords or write down their passwords to remember them.
Mark Burnett, author of Perfect Passwords, says a good, strong passphrase should only be changed every 6-12 months.
2. Use different passphrases across accounts.
If a hacker does access one of your online accounts, don’t let your other accounts fall with it. Use a different, unique passphrase for every account. And don’t only transform them by a few characters, such as adding “123” — it’s easy for hackers and algorithms to figure that out too.
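As an added example (not part of the original post), here is a small Python checker that applies the advice above: it flags personal facts hidden behind common letter-for-symbol substitutions (so “Ju1i3theC@t” is caught for a cat named Julie), flags passphrases across accounts that differ only by a few characters such as a “123” suffix, and estimates the strength of a word-based passphrase. The substitution table, the sample facts and the 7776-word dictionary size are assumptions made for this example.

```python
import re
from math import log2

# Letter-for-symbol substitutions a guesser tries first (an assumed table).
LEET_ALTS = {"a": "4@", "b": "8", "e": "3", "g": "9", "i": "1!", "l": "1|",
             "o": "0", "s": "5$", "t": "7"}

def contains_personal_info(passphrase: str, facts) -> list:
    """Return the personal facts (pet or relative names, city, dates) found in
    the passphrase, even when disguised, e.g. 'Ju1i3' for 'Julie'."""
    found = []
    for fact in facts:
        pieces = []
        for ch in fact.lower():
            if ch.isspace():
                pieces.append(r"[\s_-]?")  # "New York" may be written "NewYork"
            else:
                alts = ch + LEET_ALTS.get(ch, "")
                pieces.append("[" + "".join(re.escape(c) for c in alts) + "]")
        if re.search("".join(pieces), passphrase.lower()):
            found.append(fact)
    return found

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def too_similar(p1: str, p2: str, max_edits: int = 3) -> bool:
    """True when two passphrases differ by only a few edits (e.g. a '123' suffix),
    so anyone who learns one can guess the other almost for free."""
    return edit_distance(p1.lower(), p2.lower()) <= max_edits

def passphrase_bits(passphrase: str, dictionary_size: int = 7776) -> float:
    """Upper bound on guessing entropy, assuming each word was picked uniformly from
    a dictionary (7776 = Diceware list size, assumed); meaningful words score lower."""
    return len(passphrase.split()) * log2(dictionary_size)

if __name__ == "__main__":
    facts = ["Julie", "1990"]  # constructed: the cat's name and a birth year
    print(contains_personal_info("Ju1i3theC@t", facts))            # ['Julie']
    print(too_similar("Ju1i3theC@t", "Ju1i3theC@t123"))             # True
    print(round(passphrase_bits("Blue Horse Closet Printer"), 1))  # 51.7
```

The entropy figure is optimistic for words chosen because they mean something to you; the personal-info and similarity checks are the parts that catch the mistakes this post warns about.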
3. Don’t allow your web browsers to “remember” your passphrases.
If your computer is compromised by a virus, all those remembered passwords are now at risk. If you create a passphrase with unique meaning to you, it should be easy to remember, and you can eliminate the need for your computer to remember it for you.