Two decades ago, you had a single password to keep in mind, maybe two. But these days the list of sites and accounts you might want to sign up for is nearly endless. What’s worse is hackers prey on people who reuse passwords, so it’s important to use strong, unique passwords for every site.
You’d be shocked to find out how many people still use doozies like “123456” or “password” for their login credentials. Tap or click here for the biggest password mistakes you can make.
It’s time to get serious about account security. By rethinking how you create and store passwords, you can return to enjoying the internet instead of fearing it. Here are some ground rules to follow going forward.
1. All the characters — no exceptions
We tend to have multiple accounts online, so going with the least resistance point is why many create passwords that are easy to remember. Anything beyond that can not only be a struggle to come up with, but it can be even harder to remember.
Unfortunately, these simple passwords are also the easiest to hack. In fact, entire databases exist of the most commonly used passwords on the web, and you can bet that hackers know this. Simple passwords and phrases are what they try first when attempting to brute-force an account.
For a more successful password, create one using a complex combination of letters, numbers and alternating capitalization. In this case, a phrase like “Bingo123” would be much better as “biNg01789.” As you can see, the casing is alternated among the letters, and the numbers no longer follow an exact sequence.
The more random or complex your password appears, the harder it will be to guess. Naturally, using a more diverse palette of characters gives hackers more chances to fail when guessing your code. Don’t make the job easy for them!
For some assistance, you can turn to a tool that generates random passwords for you. Random.org takes the guesswork out of password creation.
2. Think bigger
Avoid using an ordinary word as the basis of a password. This is because words are usually small and contain fewer characters. Additionally, algorithm-based password crackers are getting progressively better at figuring out individual words found in most passwords.
To get around this, go bigger. While a full sentence as a password might seem unfeasible, a sentence is a string of consecutive words — perfect for abbreviation into an unrecognizable phrase.
Here’s an example: Let’s say your favorite baseball team is the Chicago Cubs. If you’re a Cubs fan, there’s no way you’d forget their stunning World Series victory in 2016.
So, to remember your code, take the phrase “Cubs won the World Series in 2016” and abbreviate it to “cwtwsi2016.” Substitute some characters and cases, and you’ll have “cwTw$i2016” — a far more complex password that is hard to guess but easy to remember.
Try it with a phrase you won’t easily forget, and developing a sophisticated password becomes easier. You could also create a full-fledged passphrase, keeping the phrase mostly intact but replacing certain letters and numbers with other characters and alternating between capital and lowercase. For instance: cUb$W1nW0rLd$3r13$1NzOI6. Now that’d be tough to crack!
3. Being different is key
On average, people usually have at least one social network they’re a part of, a bank that they frequently access, service accounts for utilities, cloud storage, app store passwords and several more accounts for their online activities.
Remembering more than one password is enough to hurt your brain, which is why people tend to take the easy way out and stretch the same password across multiple accounts. This isn’t an option in today’s digital world. Hackers know how common of a mistake this mode of thinking is and bank on it to reap their undeserved profits.
When a hacker cracks a password correctly, they attempt to use it on multiple platforms to see if it works. Unfortunately, it’s all too common for their efforts to be successful.
Using different passwords and passphrases across multiple platforms makes a hacker’s work much more difficult. You will prevent a domino effect from occurring in the event of a breach and are being more responsible with your data over taking the easy way out.
4. Sometimes, honesty is not the best policy
Here’s something else you might not have considered: When setting up an online account, many sites will ask you to answer a series of security questions as an added layer of protection. Things like what was the name of the street you lived on as a child? Or, what was your first pet’s name?
There’s a problem with that method. It’s not difficult for hackers to get their hands on that information. It could be as simple as checking your social media profiles to get those answers.
To lessen the risk, the answer is simple: lie. Don’t answer the security questions truthfully during the account creation process. It’ll make it much harder for a cybercriminal to crack.
Were you born in Arizona? Answer the security question with something like North Carolina. Did you have a dog named Fred growing up? Instead, say you had a cat named Sparkles. Just remember that this security measure can backfire if you don’t remember your bogus answers.
Since hackers work hard, it’s our job to work harder to create diverse, strong passwords, passphrases and security questions. It’s too bad remembering them all can be a pain, but that brings us to our next rule.
5. Don’t forget about this extra protection
No account security is complete without fully deployed two-factor authentication (2FA). This handy security method has been around for some time now and revolves around using an additional form of identification to access your account.
2FA uses something only you know (an answer to a question), something you have (your device), or who you are (a fingerprint, voice pattern or facial scan).
Most commonly, the platform will ask for your cell phone number, and you’ll verify your login attempt with a code the platform texts you. This is a strong strategy for several reasons.
First and foremost, it ties your account access to something only you possess — meaning only you or someone with access to your phone will have the ability to get in. Second, you’ll be informed of any unauthorized login attempts immediately.
Most importantly, 2FA adds a step that many career hackers won’t even attempt to bother with. It’s too much hassle and far beyond the abilities of any automated programs or brute-force hacker apps that might help crack your code.
Tap or click here to set up 2FA.
6. Authenticator apps make 2FA a breeze
Authenticator apps, like password managers, automate security processes. An authenticator app is usually installed on your smart device. It generates one-time passcodes consisting of 6-8 digits every 30 seconds. The code expires after 30 seconds, so if someone manages to get a hold of it, it won’t work after that time has passed.
You don’t need to provide a phone number to the app; the app itself is unique to your phone. Setting up an authenticator app with a site usually consists of scanning a QR code with the app to save a secret key. Afterward, whenever you log in to that site, it sends a code to your app generated from the initial secret key and the current time.
Both Google and Microsoft have their own authenticator apps. Tap or click here for more information.
7. It’s not that hard to keep organized if you use this tool
A password manager is one of the biggest essentials for modern internet users. By using one, you’re putting your passwords under encryption, which helps keep them safe.
A password manager stores and generates login information for all your devices and accounts. These programs can be installed as software or accessed through a website, browser extension or the cloud.
Our sponsor, Roboform, stores your passwords with just a tap or click. Online shopping and logins are easy thanks to its AutoFill function.
Roboform is available for Windows, Mac, iOS and Android and supports popular browsers such as Chrome, Firefox, Safari, Edge and Opera.
Roboform uses AES 256-bit encryption and supports 2FA apps like Google Authenticator and Microsoft Authenticator. Tap or click here for 50% off RoboForm everywhere subscriptions for Kim Komando users. That’s just $11.90 per year!
8. Google comes with a free password manager
Have a Google account? Then you also have a free password manager that makes it simple to create strong, unique passwords for all your online accounts. Your passwords are stored in your Google account.
Google’s password manager also warns you against using unsafe passwords. And if any of your passwords are published on the internet. Google can help you change the compromised ones.
Your passwords are stored behind Google’s built-in security using encryption. To view passwords, you’ll need to sign in again.
RELATED: Google made it much easier to change your compromised passwords
9. Apple’s free iCloud Keychain
Apple has a utility built into iOS called iCloud Keychain, which allows users to store all their usernames and passwords, generate new passwords and auto-fill information when needed to help cut down on password bloat and encourage everyone to use secure passwords.
That’s not all iCloud Keychain can do, though. If you’re browsing Safari and need to create a new account, iCloud Keychain will automatically pop up and offer to generate and store a randomly created secure password.
It will also automatically fill in relevant stored information, like usernames and passwords and shipping addresses and personal information, in Safari and across third-party apps.
Setting up iCloud Keychain is easy:
- Open the Settings app.
- Tap on Your Name.
- Select iCloud.
- Select Keychain.
- Toggle iCloud Keychain on.
RELATED: How to see (and fix) all your compromised passwords on your iPhone
10. Apple wants to eliminate passwords with its passkeys
Apple’s passkey system is a quick and easy way to get into your accounts using Face ID or Touch ID. There’s no need to create or manage passwords. Because Passkeys are synced with your iCloud Keychain, you can use them across your Apple devices.
You can even use your iPhone to sign in to apps and websites on non-Apple devices.
The technology goes a long way in preventing cyberattacks, as “Passkeys are intrinsically linked with the app or website they were created for,” Apple explains. When you are creating an online account with a website, you can use a Passkey instead of a password. That passkey is stored on your device, not a server. This makes it much less vulnerable to hacks.
Passkeys will be introduced with iOS 16, which launches later this year. Tap or click here for four features we’re looking forward to with Apple’s new operating system.
The easiest way to protect yourself
Cyberattacks are on the rise, and the more we rely on our devices for work, school and our personal lives, the more we have to lose. Whether it’s bank accounts, personal data, photos or conversations, there’s just so much to preserve and protect. That’s why we recommend our sponsor, TotalAV.
TotalAV’s industry-leading security suite is easy to use and offers the best protection in the business. In fact, it’s received the renowned VB100 award for detecting more than 99% of malware samples for the last three years in a row.
Not only do you get continuous protection from the latest threats, but its AI-driven Web Shield browser extension blocks dangerous websites automatically. And its Junk Cleaner can help you quickly clear out your old files.
Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
You may also like: 3 easy ways you can protect yourself from scammers and snoops NOW