Having a strong, trusty password is crucial to using the internet safely. And yes, 2FA does decrease the need for an extra secure password, but 2FA isn't always possible and even when it is, one can never be too careful! Here are some tips for ensuring you choose the best password:
1. Choose a difficult password
A difficult password has the following characteristics:
- At least 12 characters long, but ideally at least 16 characters.
- Contains letters, numbers and special characters.
- Contains upper and lower case letters.
- It does not include your name, surname, username, email address or other personally identifiable information.
For example:
- Easy password: catcatcatcat123cat
- Difficult password: CatTacCat1@3cat.!
2. Do not re-use passwords
If you are still using the password from 20 years ago, when you got your first Hotmail account, chances are it is already floating around somewhere on the web. Don't believe me? Try entering your e-mail address here: https://haveibeenpwned.com/ (this site tells you when your e-mail address appears in a hacked list). As paranoid as I am, I have received notifications from them about old accounts being compromised. The most recent one was due to this.
3. Change your password at least once every few months
This makes it significantly harder for you to fall victim to old copies of databases being distributed on the dark web and your password being exposed.
4. Do not use the same password twice (for paranoid users)
I do recommend using a different password on all sites, but I also understand that this can sometimes cause more harm than good. If you have to remember 20 passwords, chances are you are just going to end up saving them in a spreadsheet or somewhere that can be hacked as well. So in many cases, the better security tip might be to at least try and use a different password for accounts that have funds in them or accounts where you have something to lose.
5. Do not save your password in your browser (for paranoid users)
This is not just about saving your password in the browser when you are using someone else's computer or a public computer. That in itself is bad, but the problem exists even when you store the password on your computer at home. If your computer gets hacked, a clever script could easily obtain all the usernames and passwords stored in your browser.
However, the password saving mechanism in browsers is there for a reason: convenience. Again, it might make more sense to simply limit the saving of passwords to non-crucial websites. That way, if your passwords are stolen, at least the thief won't be able to access your most crucial accounts.
6. Use a key as a password (for paranoid users)
Instead of using a typical password, you can generate a random string over 64 characters long. This is not a string that you would be able to remember, so you would need to save it somewhere secure. This essentially just offloads the problem, but if you can keep your own computer secure, this can be a significant enhancement to your password security.
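
A sketch of tips 1 and 6 in Python, added here as an example and not code from the original post: `check_password` applies the tip 1 characteristics and `generate_key` produces the random key from tip 6 using the operating system's CSPRNG. The function names, treating ASCII punctuation as the "special characters", the three-character minimum for a personal-information match and the address `cat@example.com` are assumptions.

```python
import secrets
import string

MIN_LENGTH = 12  # tip 1: at least 12 characters
SPECIALS = string.punctuation  # assumption: "special" means ASCII punctuation
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def check_password(password, personal_info=()):
    """Return the tip 1 characteristics that `password` fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    lowered = password.lower()
    for item in personal_info:
        # Compare case-insensitively; for an e-mail address also try the
        # part before "@". Fragments under 3 characters are ignored.
        for part in sorted({item.lower(), item.lower().split("@")[0]}):
            if len(part) >= 3 and part in lowered:
                problems.append(f"contains personal information: {part}")
    return problems


def generate_key(length=65):
    """Tip 6: a random key of over 64 characters from the OS CSPRNG."""
    if length <= 64:
        raise ValueError("tip 6 calls for more than 64 characters")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(key):  # redraw if a character class is missing
            return key


if __name__ == "__main__":
    # The two sample passwords from tip 1, plus a constructed e-mail address.
    print(check_password("catcatcatcat123cat"))
    print(check_password("CatTacCat1@3cat.!"))
    print(check_password("CatTacCat1@3cat.!", ["cat@example.com"]))
    print(len(generate_key()))
```

The `secrets` module is used rather than `random` because `random` is not designed for generating credentials.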