Every Password Should Be Unique
Every website you log into should have a strong, unique password.
Many of us take shortcuts and don’t follow password best practices because managing complex passwords across all of our accounts can be challenging.
Why are unique passwords important?
Let’s say your child’s school has a portal where you can log in and check your child’s grades, homework and upcoming calendars.
Then some nefarious, evil doer finds that the school’s security is lacking.
They gain access to all the parents’ email addresses and passwords.
The evil doer may do nothing directly with your data, however they are likely to sell it on the dark web to other evil doers.
They may attempt to log in to popular shopping and banking sites. They may try the same login information on your email provider and gain access to your emails.
Now they can see everything you do in your life.
You shop at this website… you bank at that one. Once they have access to your email they can just click the “Forgot Password” link and use the resulting email to reset the password to whatever they like.
How Important are Complex Passwords?
It is still important to ensure that each of your passwords is strong.
We recommend using a passphrase if it is supported. A passphrase is an easy-to-remember collection of words that is long enough to not easily be hacked but simple for you to type in and remember. “My funny friend Julie is certainly a silly goose” would be an example.
If you are not able to use a passphrase, use all of the options below to make sure your password is strong:
- Uppercase characters
- Lowercase characters
- Numbers
- Special characters, such as exclamation points, dashes, hashes, colons, semicolons or periods
- At least 12 characters; this exponentially ups the time it would take a dedicated computer to hack it (as long as the password follows the best practices above)
- Don’t use: real words (unless it is a nice long passphrase!) or a predictable formula, such as using a zero instead of an “o”.
Everyone knows they should have secure passwords, but it’s inconvenient. You might think, “If I memorize one super secure password and use it everywhere, that will work, right? Nobody would guess this password, and I could never keep track of dozens passwords anyway!”
Passwords are not usually guessed or “cracked” anymore… they are stolen.
Passwords can be stolen from an unprotected database or via malware that contains a keystroke logger. In any event, it doesn’t matter how complicated or super-secret your password is if it is not secured by the website or application storing it. Do you trust that every website you go to has the very best, un-hackable security measures?
Using a password manger can help you maintain unique and complicated passwords for every login.