Cyber Security Solutions

Enterprise Grade Cyber Security Solutions Tailored in a Budget-Friendly Way

What Makes a Secure Password?

A secure password is one that’s long, unpredictable, and difficult to guess. It typically includes a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using personal information, common words, or simple patterns. The longer and more random the password, the stronger the protection against brute-force and dictionary attacks. If you can, use a passphrase.

Password Length

Password length is now considered the most critical factor in password security, outweighing traditional complexity rules like mixing symbols and numbers. According to the latest guidelines from the National Institute of Standards and Technology (NIST), the recommended minimum password length is 8 characters, though longer passwords—such as passphrases of 12 to 16 characters or more—are strongly encouraged for better protection. The shift in focus reflects evidence that longer passwords are both harder to crack and easier for users to remember compared to short, complex strings.

The recommended minimum is 8 characters. However, your passwords should be no less than 12 characters in length.

Unpredictability & Passphrases

To further enhance password security, avoid using easily guessable information such as birthdays, common words, or sequential patterns (e.g., “1234” or “password”). Instead, consider using passphrases – combinations of random words that are easy to remember but hard to guess (e.g., “SunshineElephantBicycle27!”). Passphrases can be both secure and user-friendly, striking a balance between complexity and memorability.

Please do not use the example passphrase given as your next password.

Unique Passwords

It is essential to use unique passwords for each of your accounts. Reusing passwords across multiple accounts increases the risk of a security breach. If one account is compromised, the attacker can potentially access all your accounts with the same password. Employing unique passwords for each account helps mitigate this risk.

Remember to change your passwords regularly, and when prompted to change a password, do not reuse an old password.

Two-factor Authentication

Two-factor authentication (2FA) adds a crucial layer of security by requiring not just a password but also a second verification method, making it far harder for attackers to gain access. While SMS and email codes are widely used, they are vulnerable to interception through SIM-swapping, phishing, or compromised accounts. Authenticator apps, on the other hand, generate time-based one-time codes locally on a user’s device, meaning they cannot be intercepted in transit. This makes authenticator apps significantly more secure and reliable than SMS or email-based methods, which are better than nothing but increasingly considered weaker options. For maximum protection, security experts recommend using authenticator apps or hardware keys rather than relying on SMS or email codes.

A two-factor authentication (2FA) app can generate codes for multiple different sites, meaning you only need one 2FA app.

Password Managers

Password manager apps are designed to securely store and organize your login credentials, making it easier to maintain strong, unique passwords across all your accounts. Instead of reusing weak or memorable passwords, you only need to remember one master password (or use biometrics like a fingerprint or facial scan) to access the manager, which then autofills your credentials when needed. Many password managers also support storing sensitive information such as credit card details, addresses, and secure notes, while offering features like password generation, breach monitoring, and syncing across devices. By reducing the burden of memorization and encouraging stronger password practices, password managers significantly improve both convenience and online security.

Password managers offer a secure and convenient way to store long, complex passwords without the need to memorize each one.