

How do you create highly secure passwords?

According to the National Institute of Standards and Technology (NIST), the longer your passwords, the more secure they are. This recommendation marks a shift from the old rule of thumb, which focused on password complexity rather than length. That said, NIST only recommends removing the requirement for complexity; it does not recommend removing complexity as a security option. You can use a long and complex password, if you wish.

Why the move away from requiring complexity as the standard for passwords?
Research shows that human beings will normally use the same symbol for a given letter (e.g., @ for the letter “a”). Criminals know this, and they now pre-program their password-cracking scripts to try these predictable substitutions first.

So, how secure is your password?
The most secure password is a long, personally meaningful phrase or sentence that you don’t share with anyone and you don’t write down. The longer the password is, the longer it will take for someone to crack it.

These longer passwords are what we now call a passphrase. Normally, this is a sentence that makes sense to you and is therefore easy to remember. For example, the passphrase “Ilovecrunchypeanutbutterandjellysandwiches” is more secure than “PB@ndJ4me!”

However, creating a long password by repeating the same word over and over, such as “ballballballballballball”, defeats the purpose. Once the first word is cracked, it’s easy to crack the rest.

Want to see how long it will take a hacker to uncover your password? Check out this handy resource: https://howsecureismypassword.net
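To make the comparison above concrete, here is a small estimator, added as an illustration and not taken from the article or the linked checker, of the search space an attacker must cover for each of the three passwords the article mentions. It models a plain brute-force search over the characters used, and separately models what happens to a repeated word once its structure is recognised. The guess rate, the wordlist size and the maximum repeat count are assumed figures chosen for the example, not values from the page.

```python
import math
import re

# Assumed figures for illustration only (not from the article): an offline
# guessing rate, the size of a wordlist, and how many repeats a guesser tries.
GUESSES_PER_SECOND = 1e10
DICTIONARY_WORDS = 100_000
MAX_REPEATS = 20


def charset_size(password: str) -> int:
    """Size of the smallest obvious alphabet that covers every character used."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation plus space
    return size


def brute_force_bits(password: str) -> float:
    """Search space in bits if the attacker must try every string of this length."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def repeated_word(password: str):
    """Return (unit, count) if the password is one unit repeated two or more times, else None."""
    n = len(password)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return password[:size], n // size
    return None


def effective_bits(password: str) -> float:
    """Bits of work once the structure is known: a repeated word collapses to
    'one dictionary word times one repeat count', whatever its total length."""
    bits = brute_force_bits(password)
    if repeated_word(password) is not None:
        bits = min(bits, math.log2(DICTIONARY_WORDS) + math.log2(MAX_REPEATS))
    return bits


def years_to_crack(password: str) -> float:
    """Expected time to hit the password (half the space) at the assumed guess rate."""
    guesses = 2 ** effective_bits(password) / 2
    return guesses / GUESSES_PER_SECOND / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("PB@ndJ4me!",
               "Ilovecrunchypeanutbutterandjellysandwiches",
               "ballballballballballball"):
        print(f"{pw:45} brute={brute_force_bits(pw):6.1f} bits "
              f"effective={effective_bits(pw):6.1f} bits  ~{years_to_crack(pw):.3g} years")
```

Run as a script it prints one line per password. The 42-character passphrase scores far above the 10-character complex password under the brute-force model, while the repeated word scores high under brute force but collapses to a few tens of bits once the repetition is modelled, which is the point the article makes about “ballballballballballball”.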

Where should you store your passwords?

For most of us, it’s pretty hard to commit (effective) passwords to memory, especially if we’re using different phrases for all the different digital accounts we use.

As tempting as it is to leave sticky notes on your computer monitor or under your keyboard, those practices make you an easy target for burglars, dishonest visitors in your workplace, or even that friend of a friend who shows up uninvited to your barbeque.

If you have a hard time remembering your passwords, it’s a good idea to secure them within a digital password protector, i.e. a password manager.

It’s also a good idea to enable fingerprint login on your devices, systems, apps, etc. The rule of thumb (so to speak) is to require at least two of the following three login methods, so you're using multiple factors to log in:

  1. Something you KNOW (such as a password)
  2. Something you HAVE (such as a token)
  3. Something you ARE (such as biometrics)

How often should you change your passwords?

The old industry standard was to change your password every 45 days. Now, NIST recommends waiting a longer period of time between password changes, so they’re easier for you to manage. The longer timeframe also makes it less likely you'll shortcut your own security by writing an updated password down in an insecure location. For instance, you might set yourself an annual reminder to update passwords on your birthday, New Year’s Day, the first day of your favorite season, or some other significant calendar event.

One last, important thing…
A password is not secure by itself, and it does not make your system 100% safe. Your cyber-security depends on the strength of your password, how careful you are with storage, the number of factors in your login method, and the frequency with which you update your passwords.