A strong password helps keep your information – and money – secure. When your passwords are weak, you put yourself at risk for identity theft, credit/debit card fraud and a whole slew of other un-fun consequences.
We’ve all heard the basics about creating a good password: make it long, use a combination of letters, numbers and symbols, and avoid anything that could easily be associated with you.
“Person-on-the-street interviews showed that people aren’t taking active steps to help protect themselves from fraud or don’t know what they should be doing,” says Dr. Brad Klontz, a financial psychologist who is teaming up with Chase to help share tips to prevent fraudulent activity.
“By working together, we can help you keep your accounts safer and even more secure,” says Michael Cunningham, the managing director of Chase Fraud Operations. “One of the simplest steps you can take to help prevent fraud is creating stronger passwords.”
Great. So what should you do, exactly, when trying to come up with a stellar password that will be hard to crack? We spoke to a few experts to get their top tips for creating an airtight password.
#1 – Yes, size matters
For a while, 6-8 characters were considered to be enough. Now, experts recommend upwards of 12-14 character passwords – at minimum – to ensure better security.
“The length and complexity of a password is important in that it makes it more difficult to be cracked,” says Greg Kelley, the CTO at Vestige Digital Investigations.
Shorter, simpler passwords are easier to figure out – especially by hackers who have the technology to do so. But when a password is long and complicated, that same hacker (or software) will move on to the next.
#2 – Skip the obvious
Weak passwords like “12345” and “password” continue to be the most common – and pose the biggest threat for users.
Also on the “no-no” list? Anything that someone could discover about you by doing a simple internet search. Things like your name, birthday, spouse’s name, dog’s name, or anything else that is easy to uncover via social media should not be part of your password.
This tip is especially critical when it comes to your bank account password.
“At the core, fraud prevention is a partnership between cardholders and their bank,” Klontz says. “Being a victim of financial fraud can be a very stressful experience. Why put yourself at risk when you can take a few simple, proactive steps to significantly lower your vulnerability to fraud?”
Don’t risk it: Take a few extra minutes when creating your passwords and come up with something unique.
#3 – Think sentences, not words
Many of the experts we spoke to stressed that creating a pass-phrase rather than a pass-word is a smart way to increase complexity.
“Quotes you find easily memorable – from books you love or movies you’ve watched – blended with special characters and numbers would be the best choice for a password due to its overall length and complexity,” says Avi Kasztan, CEO and founder of cyber intelligence firm Sixgill.
For example, “summertimeandthelivingiseasy” is better than, say, “summer1.”
To up the ante, mix numbers, capital letters and characters into your sentence to make it even better. Now it becomes “$ummerT1meAndTheLivingIsEasy.”
It’s a creative way to ensure your password will be unique and complex.
#4 – Utilize the space bar
When creating a passphrase, don’t forget about the spacebar! This keystroke is often overlooked by password cracking tools and can help make your passphrase more complex.
Alex Heid, Chief Research Officer at SecurityScorecard, suggests something like: “My favorite dinner is steak & potatoes.”
This works well, Heid says, because the phrase uses mixed casing and special characters – plus it’s easy to memorize.
#5 – Don’t neglect your email password
When many think about password security, they picture things like bank accounts, credit cards and other pieces of delicate information. Email passwords, however, are often overlooked. But access to this account can be destructive.
Because your email is a gateway to password resetting, locking in a secure phrase and changing it up on the regular essentially works as an extra level of protection for all your other accounts.
Michael Kaiser, Executive Director of the National Cyber Security Alliance, suggests implementing authentication steps for your email – a “layer of protection beyond login and password that’s readily available and free [for] nearly all major email providers.”
#6 – Switch it up
When all your passwords are the same, you’re essentially giving hackers a universal key into your life. Experts recommend changing your password every 60-90 days. However, changing your password often but neglecting to make each iteration complex enough could be just as bad as never changing it.
Joe Siegrist, GM and VP of password management site LastPass, says that a recent survey by his company found that 61 percent of respondents use the same or similar passwords across accounts, while 55 percent do so even though they understand the risk.
“Password reuse is one of the easiest ways to get hacked, yet even the most tech-savvy users are guilty of this,” Siegrist says.
Don’t be lazy! Vary your passwords across your accounts and never repeat those you’ve already used.
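The checks from tips #1, #2 and #6 can be automated. The Python sketch below is an added example, not part of the original article or any Chase tool: `check_password`, the constructed sample list of common passwords and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import difflib

# Constructed sample; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 12          # lower end of the 12-14 character minimum in tip #1
SIMILARITY_LIMIT = 0.8   # assumed threshold for "same or similar" (tip #6)

# Undo the usual look-alike substitutions so "P@ssw0rd" is treated as "password".
_LOOKALIKES = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e", "!": "i"})


def normalize(text):
    return text.lower().translate(_LOOKALIKES)


def check_password(candidate, personal_facts=(), previous_passwords=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    norm = normalize(candidate)

    if len(candidate) < MIN_LENGTH:
        problems.append("too short")

    if norm in COMMON_PASSWORDS or candidate.lower() in COMMON_PASSWORDS:
        problems.append("common password")

    # Names, birthdays, pet names: anything findable with a simple search.
    for fact in personal_facts:
        token = normalize(fact)
        if len(token) >= 3 and token in norm:
            problems.append("contains personal detail: " + fact)

    # Flag exact reuse and near-copies of passwords used elsewhere or earlier.
    for old in previous_passwords:
        ratio = difflib.SequenceMatcher(None, norm, normalize(old)).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to a previous password")
            break

    return problems
```

The reuse check needs the earlier passwords in clear text, so it belongs in a local script or password manager rather than on a server that stores only hashes.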