I’m wondering how do u set the best password? Like what to keep in mind?”
Hi there, and welcome back to another week of Ask Trish! I hope you’re all well and having a great April. (For folks in the Northern Hemisphere, wherever you might be, I hope it’s starting to look like Spring!)
Thanks so much to this week’s question-er for the fantastic, always relevant question! (And indeed, despite its relevance, I believe that this is a topic we haven’t yet covered on Ask Trish – so thank you for raising it.) So many of the digital services we utilize today require accounts, and those accounts usually require a password (at least one, if not more!). Passwords are a key line of defense against hacks/your work and data being stolen – but folks can often get lazy with their password-setting. Unfortunately, the password “password123” is not the best way to protect yourself online. So how do you set the best, more secure password(s) possible? In this week’s post, I dig into that very topic. I’ll talk through i) what not to do, ii) what to do, and iii) offer some other recommendations and tips for achieving #passwordglory.
Ready to become a password champion? Let’s go:
First: what shouldn’t you do when setting a password? There are a number of things to note here. First and foremost, don’t use common, obvious words and patterns. Once again, “password” is not a great password! Similarly, easy to think up sequences, like “abc,” or “123” are not very secure either. So too are phrases like “letmein.” You might be tempted to rely on these types of passwords because they’re easy to remember…but don’t forget, the fact that they’re easy to remember/think of is also what makes them vulnerable. Similarly, don’t use personal information in your passwords. Lots of folks use their name in their password…but again, if you’ve thought of that, there’s a good chance a hacker has, too. Similarly, avoid putting your home address, names of pets, or phone number into your password. A lot of this information is publicly available, which means a hacker can find it…and use it to hack into your account. It’s also a good idea to stay away from short passwords. The shorter it is, by definition, the easier it is to guess/crack. And as a general password practice, I would strongly avoid reusing passwords. Again, this is an easy memory trick, but it means that if one of your passwords falls into the wrong hands, now all or nearly all of your accounts are vulnerable. Minimize the risk of that happening by diversifying your password use.
Okay…now we know what not to do. What should you do when setting a password? Again, there are a lot of good tips to keep in mind. In the spirit of staying away from short passwords, do set passwords that are at least 12 characters long. There’s a reason that a lot of digital services require that your password be at least a certain length! If you prefer not to use non-randomized passwords, try to draw on a unique phrase that is only meaningful to you, like a passage from a book. (But perhaps be careful of reusing popular Taylor Swift lyrics! Let’s be real…we’re all Swifities in our hearts.) And if you go this route, do also definitely draw on different characters, like numbers, symbols, and capital letters, e.g., I’VE!G0TABlaNKSpace<3. #iconic Alternatively, the best, most secure password you can set is a completely random one. Some people do this by randomly typing a bunch of characters on their keyboard, e.g., aksujhvaofjckssio21028!. Others use a password manager (more on that below) to generate and save random passwords. These passwords are, unsurprisingly, impossibly difficult to crack…and I must say, while I know plenty of folks who have had their password compromised, none of them were random password generators. (It’s a small, imperfect sample, of course, but hey…that’s pretty good.)
Before we wrap up, I also want to briefly chat about password managers, possibly the best resource you can draw on to achieve #passwordglory. Password managers are services/software that generate strong, random passwords and save them. They also offer functionality that will automatically fill in these passwords when you log into your digital accounts…so you don’t have to remember them all. Handy, right? There are tons of great password managers out there, including 1Password and Dashlane. If you’re interested in this option, feel free to do some additional research/experiment with managers until you find the one that’s best for you. I’ll conclude here with some parting thoughts re: how to ensure your accounts are secure even if your password is ultimately compromised (yikes). The best way you can do this is via what we call double authentication, or requiring two, independent sources of verification for log-in. That is, in addition to your password, you can add another, mandatory verification for log-in that only you have access to, like entering in an access code that you receive on your phone. In this case, even if someone correctly guesses your password, if they don’t have your phone, they still won’t be able to get to your account. Where this is an option, I strongly recommend that you take advantage of it.
I hope that you find these tips and tricks helpful – happy password-setting! And now, as always, before I sign off…I’d like to make my weekly request to ask all of you to share any of your thoughts, questions, or concerns about our digital world here. As I often remind you all, it is truly so simple and easy to fill out the form. So please, submit away! I can’t wait to hear from you. Oh, and one last thing – don’t forget to hype up our Ask Trish videos on social media. Like the videos, comment on them, and share them with your friends! Thanks so much in advance for giving #AskTrish a little love!
Have a great week,
Trish