Nine Effective Password Tips

All of us use countless passwords each day. Some of us use and reuse the same password for dozens of accounts, while others utilize cleverly designed password managers to unload their brains, storing dozens of strong passwords in tightly encrypted strings. Read on to find out how to protect your passwords, and thus keep your personal, health and financial data secure.


Most hackers try to get access to our passwords by using brute force attacks. It's a trial-and-error approach which can provide results within seconds, days or months. While most of us aren't important targets, it is known that some hackers will attack the same system for months in a row.


Brute force attempts will often make use of dictionaries, which combine words with numbers and special characters. Since fast processors are needed for this task, many attackers utilize software which combines CPU and GPU (graphics processing unit) power.


People who want to stop brute force attacks must encrypt their data with strong 256-bit encryption systems. Multi-factor authentication will also be of great help, even though some malware can also intercept the authentication codes which are generated by some of the most popular two-factor authentication apps.


Some hackers will crack your secure accounts by making use of publicly available information. They will click the "forgot the password" link, and then be directed to a page where they'll need to answer a series of simple questions, such as "what is the name of your pet?". As you can imagine, simple information like this can easily be uncovered by accessing your Facebook page, and the results are disastrous. To prevent this from happening to you, always use random strings to answer those security questions; the sites that ask for this information won't mind if your pet's name is "x6%thr3*D".


It makes a lot of sense to limit the number of unsuccessful password attempts. Ideally, each IP address should be blocked for a day or more after being the source of two or three wrong password attempts. Blocking people who try to input nonexistent usernames is also a good idea.
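The lockout rule described above can be sketched as follows. This is an added example, not code from the original guide; the class name, the sample accounts and the in-memory storage are assumptions made for illustration.

```python
import time

MAX_FAILURES = 3                # the guide suggests two or three wrong attempts
BLOCK_SECONDS = 24 * 60 * 60    # the guide suggests a day or more
KNOWN_USERS = {"alice", "bob"}  # constructed sample accounts


class LoginThrottle:
    """Counts failed logins per source IP and blocks repeat offenders."""

    def __init__(self, max_failures=MAX_FAILURES, block_seconds=BLOCK_SECONDS,
                 clock=time.time):
        self.max_failures = max_failures
        self.block_seconds = block_seconds
        self.clock = clock       # injectable so the expiry logic can be tested
        self.failures = {}       # ip -> consecutive failed attempts
        self.blocked_until = {}  # ip -> unix time at which the block ends

    def is_blocked(self, ip):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            # Block expired: forget it and start counting afresh.
            del self.blocked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, username, password_ok):
        """Return 'blocked', 'ok' or 'denied' for one login attempt."""
        if self.is_blocked(ip):
            return "blocked"
        if username in KNOWN_USERS and password_ok:
            self.failures.pop(ip, None)  # a success resets the counter
            return "ok"
        # A wrong password and an unknown username count the same and get
        # the same answer, so the response does not reveal which names exist.
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_failures:
            self.blocked_until[ip] = self.clock() + self.block_seconds
        return "denied"
```

A real deployment would keep these counters in shared storage so that they survive restarts and apply across all servers.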


To boost password strength, use long passwords which include symbols, numerals, lower-case and upper-case letters.


Don't ever reuse passwords. I know that it is very tempting to do so, but it can lead to a lot of trouble if one of the sites is hacked and your leaked password is then tried on all your other accounts. If you really need to, you can memorize a "master" password string, and then customize it for each site. Let's assume that you have memorized H3y8a83!I4mh3r3!; you could add to it a two-letter site acronym and a digit that's equal to the number of letters in the site name, for example. This means that your master password would become H3y8a83!I4mh3r3!FB8 for Facebook, H3y8a83!I4mh3r3!TW7 for Twitter, and so on.


Don't access important website accounts by making use of free hotspots and unsecured wireless networks. Yes, even your best friend's computer may be infected with a virus, and if you access your online banking account using that device, the data may fall into the wrong hands.


Keep your passwords to yourself; don't show them to friends, and don't fill in login forms in public places, where somebody else may be watching. Some people store their most important passwords on sticky notes, and then attach them to their computers; don't make this huge mistake!


Change passwords regularly. Password managers make the process a breeze, but if you don't trust them, feel free to use the "master password" system highlighted above, and then add 1-2 new characters to that password twice a year or so. It goes without saying that if you receive a legit security warning message or email, you should change the password for that account immediately.