What are the best practices for creating a secure password? That depends on who you ask. Some experts, like Microsoft’s Alex Weinert, say there is no such thing as a secure password. He thinks authenticator apps or biometric features like facial recognition are the only way to really be secure. But for those of us who need passwords, usually a lot of them, how do we stay as safe as possible? That, too, depends on who you ask.
There are two kinds of password hackers.
- Individuals attempting to figure out a password by guessing or researching you. This is oftentimes someone you know.
- Professional hackers. This is, by far, the majority of password hacks. These people aren’t sitting there guessing. They’ve either stolen your password by breaking into a company server, harvested it from your device with malware or a phishing attack, or are using computer programs to rapidly generate password attempts.
How do you fight back?
There’s long been the suggestion that requiring a mix of upper and lower case letters, numbers, and special characters helps stop both humans and bots. However, some experts say these passwords are hard to remember and encourage people to write them down or use the same passwords over and over again.
And it’s not going to matter how complicated it is if someone breaks into your bank’s servers and steals it, so why put yourself through the aggravation? But it could thwart a nosy coworker attempting to check out your email.
Change passwords frequently
Many workplaces require users to switch out passwords every month or two, and experts have recommended changing yours up regularly for decades.
However, some experts say this just encourages people to use simple passwords or variations on the same words when they switch passwords. Some companies require
Longer is better
Nearly all experts agree that longer is better. At least 64 characters in length is suggested if you have that option. The longer a password is, the more likely a password cracking program is to give up on it after a few minutes.
Use an uncommon sentence that might only make sense to you. Put that phrase backwards.
Consider making up nonsense words that aren’t in any dictionary. Password cracking software can run through the whole dictionary searching for words to try.
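To make the length and dictionary points concrete, here is an added example (not part of the original article) that compares the blind-guessing search space of a short complex password with a long plain passphrase, and shows how a dictionary hit overrides that estimate. The wordlist and the guess rate are constructed assumptions.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (assumption, not real data).
SAMPLE_WORDLIST = {"password", "dragon", "sunshine", "monkey", "letmein"}
# Assumed offline guess rate; real rates depend on the hash and the hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10

def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    # Characters outside these classes are ignored, so this is a lower bound.
    return sum(n for chars, n in classes if any(c in chars for c in password))

def brute_force_bits(password):
    """Search space in bits for blind character-by-character guessing."""
    pool = alphabet_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def in_wordlist(password):
    """True if the password or its reverse is a listed word (case-insensitive).
    Cracking tools commonly try simple transforms such as reversal."""
    p = password.lower()
    return p in SAMPLE_WORDLIST or p[::-1] in SAMPLE_WORDLIST

def estimate(password):
    """Return (bits, average seconds to guess) under the assumptions above."""
    bits = brute_force_bits(password)
    if in_wordlist(password):
        # Length stops mattering: the attacker only walks the wordlist,
        # trying each word forwards and backwards.
        bits = math.log2(2 * len(SAMPLE_WORDLIST))
    # On average the guess lands halfway through the search space.
    seconds = 2 ** (bits - 1) / ASSUMED_GUESSES_PER_SECOND
    return bits, seconds

if __name__ == "__main__":
    for pw in ["Tr0ub4d!", "purple otters juggle at dawn", "nogard"]:
        bits, seconds = estimate(pw)
        print(f"{pw!r}: {bits:.1f} bits, ~{seconds / 31_557_600:.3g} years")
```

The bit counts are an upper bound that assumes every character was chosen at random; a phrase built from predictable words is weaker than its length suggests.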
Writing It Down
When you have several long, complicated passwords to keep track of, it’s tempting to write them down.
Saving them in plain text on your computer isn’t a very good idea. If certain types of malware find their way onto your network, they can harvest that information. A snooping coworker might be able to come across it as well.
Writing them down in a notebook is probably safer, especially if you’re at home. Make sure that list of passwords isn’t where anyone can find it. Perhaps use a code to identify which accounts the passwords belong to.
Password managers that generate random passwords and store your passwords can be a solution, as long as someone doesn’t break into the server for the password manager or get onto your computer and into the software.
One thing nearly all experts agree on is the importance of multi-factor authentication. Multi-factor authentication means that in addition to entering a password, there’s a second action required. That might be entering a code you receive via email or text, or answering an additional security question.