At this stage, you probably know the basics for password security: don’t write them down, use a password manager, use two-factor authentication whenever possible and don’t use anything that’s glaringly obvious or easy to crack.
All of that advice stands, and you need to keep it up. WIRED asked a field of security experts for their unexpected advice and best practices that might save you from a cyber headache in the long run. Here are six tips and tricks to keep your accounts secure:
1. The longer the better
“A longer password is stronger than a random password,” says Mark Burnett, author of Perfect Passwords. Even so, make it at least 12 to 15 characters long.
In fact, a long password made up only of lower-case letters can do more for you than crafting just the right combination of alphanumeric gibberish: every extra character multiplies the number of guesses an attacker must make, whereas adding another character class only widens the alphabet.
Burnett added: “Usually all it takes is a password just two characters longer to make up for a lack of other types of characters such as upper case, numbers, or symbols.”
2. The weirder the better
Morgan Slain, CEO of SplashData, a password management company that puts out an annual list of that year’s worst passwords, stresses the importance of mixing it up. “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” he says.
Slain recommends avoiding common terms from popular culture, regardless of length. The more common a password is, the less secure it will be, because it sits near the top of the wordlist an attacker tries first.
3. Don’t overcrowd with special characters
Many password input fields require you to use a combination of upper-case and lower-case letters, numbers, and symbols, and that’s fine; just don’t cluster them.
It’s predictability that will put you at risk. A capital letter at the front and a digit or symbol tacked on the end is exactly the layout that password-cracking rules try first. Spreading the special characters through the password instead gives you a lot more real estate to work with, and many more combinations for anyone trying to break in to cover.
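The three tips above (length beats character classes, avoid common words and patterns, don’t park the special characters at the ends) can all be checked by a short script. The following is an added example, not code from the article or from any of the experts quoted: it computes the brute-force search space from length and character classes, works out how many extra lower-case characters would match a given mixed password (Burnett’s rule of thumb, computed exactly rather than assumed to be two), and flags the two predictable patterns. The word list, the leet-speak mapping and the 60-bit cut-off are constructed for illustration; a real check would use a large breached-password list.

```python
import math
import string

# Character classes as a brute-force attacker would enumerate them.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}
SPECIALS = string.digits + string.punctuation

# Constructed stand-in for a "worst passwords" list (assumption: a real check
# would load a large wordlist instead).
COMMON_WORDS = {"password", "qwerty", "summer", "welcome", "dragon", "monkey"}

# Leet substitutions that cracking rules undo; illustrative mapping only.
LEET = str.maketrans("@$01!347", "asolieat")


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must enumerate, given the classes present."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def brute_force_bits(password: str) -> float:
    """log2 of the search space for an attacker who knows only length and classes."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def extra_lowercase_needed(password: str) -> int:
    """Extra characters a lower-case-only password needs to match the search
    space of `password` (Burnett's 'two characters' rule, computed exactly)."""
    target = brute_force_bits(password)
    lower_len = math.ceil(round(target / math.log2(26), 9))
    return max(0, lower_len - len(password))


def specials_only_at_ends(password: str) -> bool:
    """True when every digit/symbol sits at the front or back of the password,
    the predictable layout tip 3 warns about."""
    if not any(c in SPECIALS for c in password):
        return False
    core = password.strip(SPECIALS)
    return not any(c in SPECIALS for c in core)


def common_base(password: str, words=COMMON_WORDS):
    """Return the dictionary word the password is built on after undoing case,
    leet spelling and bolted-on digits/symbols; None if nothing matches (tip 2)."""
    core = password.lower().strip(SPECIALS).translate(LEET)
    return core if core in words else None


def assess(password: str) -> dict:
    """Summarise the checks. The 60-bit threshold is an assumption chosen for
    the example, not a figure from the article."""
    bits = brute_force_bits(password)
    base = common_base(password)
    ends = specials_only_at_ends(password)
    return {
        "bits": round(bits, 1),
        "common_base": base,
        "specials_only_at_ends": ends,
        "extra_lowercase_needed": extra_lowercase_needed(password),
        "weak": base is not None or ends or bits < 60,
    }


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Summer2016!", "correcthorsebatterystaple"):
        print(candidate, assess(candidate))
```

Running it shows the point of the three tips: “P@ssw0rd1!” scores a respectable 65 bits on paper, yet it collapses to the word “password” once case, leet spelling and the trailing “1!” are undone, while a 25-letter lower-case phrase sits well above 100 bits and trips none of the pattern checks.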
4. Don’t double dip
Okay, so you have followed every recommendation down to the last special character. At this point it would take years for someone to crack their way into your account, but then you make a crucial mistake – using the same password across multiple accounts.
Your passwords are only as secure as the sites to which you entrust them. If you don’t want to pay dearly for someone else’s mistake, limit the potential fallout by using a unique password everywhere.
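To see how far one site’s breach reaches, it helps to audit a password-manager export for reuse. The following is an added example, not code from the article or from any password-manager vendor; the vault contents are constructed sample data. It goes one step beyond exact matches and also groups trivial variants (same word, different year or trailing symbol), because credential-stuffing tools try those variants alongside the leaked password itself.

```python
import string
from collections import defaultdict

# Constructed sample vault export (site, password); not real credentials.
VAULT = [
    ("bank.example", "xk7#Qp2vL9mR"),
    ("shop.example", "Summer2016!"),
    ("forum.example", "Summer2016!"),
    ("mail.example", "Summer2017!"),
    ("work.example", "correct horse battery staple"),
]

TRAILING = string.digits + string.punctuation


def family_key(password: str) -> str:
    """Collapse case and bolted-on trailing digits/symbols so 'Summer2016!' and
    'Summer2017!' map to the same key: the first variants a stuffing tool tries."""
    return password.lower().rstrip(TRAILING)


def exact_reuse(vault) -> dict:
    """Identical passwords used on more than one site: {password: [sites]}."""
    groups = defaultdict(list)
    for site, pw in vault:
        groups[pw].append(site)
    return {pw: sites for pw, sites in groups.items() if len(sites) > 1}


def variant_reuse(vault) -> dict:
    """Passwords that differ only by trivial suffix/case: {family: [sites]}."""
    groups = defaultdict(list)
    for site, pw in vault:
        groups[family_key(pw)].append(site)
    return {k: sites for k, sites in groups.items() if len(sites) > 1}


def blast_radius(vault, breached_site: str) -> list:
    """Sites that fall if `breached_site` leaks its password database, counting
    exact reuse and trivial variants."""
    leaked = {family_key(pw) for site, pw in vault if site == breached_site}
    return sorted(site for site, pw in vault
                  if site != breached_site and family_key(pw) in leaked)


if __name__ == "__main__":
    print("exact reuse:", exact_reuse(VAULT))
    print("variant reuse:", variant_reuse(VAULT))
    print("if shop.example is breached:", blast_radius(VAULT, "shop.example"))
```

In the sample vault a breach at the shop exposes the forum outright and the mail account through its “2017” variant, while the bank, with its unique password, is untouched.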
5. Don’t get caught in the change game
Microsoft Research security expert Cormac Herley says “frequent password changes are largely a waste of time.
“There’s no evidence that password changes improve outcomes.”
Passwords can be difficult to remember, and they should be. It’s better to go through the trouble of creating a really strong one and sticking with it.
6. Cover every possibility
When deployed properly, passwords are unquestionably effective. They’re even better, though, as part of an overall plan of attack.
Adding a second authentication factor on top of the password makes sense, and makes your online security that little bit more airtight.