We consulted tech experts for (practically) no-fail ways to keep your digital world secure.
Go Totally Random.
“If you’re interested in picking a really strong password, the best thing you can do is pick it randomly,” says Joseph Bonneau, a technology fellow at the Electronic Frontier Foundation. “Roll dice, or there are some lists online of words you can randomly choose from. Generate something totally random that you have no influence over.” Try the Password Generator from Norton Identity Safe.
The Longer the Better.
Longer passwords are more secure, says Lorrie Faith Cranor, the Chief Technologist at the U.S. Federal Trade Commission and Director of the CyLab Usable Privacy and Security Laboratory: “Generally people should aim for a password at least 12 characters long.” Additionally, when mixing up numbers, letters, and special characters, try to spread each out. Don’t bunch up letters at the beginning or end of the password.
People are very “predictable” when creating passwords, says Cranor. “For example, if they are required to use a capital letter, most people put it first. If they are required to use a symbol they use an exclamation point and put it at the end.” When creating your password, avoid the obvious—like birthdays and names—but avoid keyboard sequences, too. “People often include a row of letters from the keyboard, because they think it looks random,” says Cranor. “But actually keyboard patterns, whether left, right, or diagonal, are among the most easily guessed passwords.”
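The advice in the two sections above, as an added example that is not part of the original article: a password drawn character by character from the operating system's secure random source, plus a checker for the predictable habits Cranor describes. The character set, the four-key run length and all function names are assumptions made for this sketch, and the keyboard check covers rows only, not diagonal patterns.

```python
import math
import secrets
import string

# Assumption: this alphabet is an illustrative choice, not one named in the article.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+?"
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # rows only
MIN_LENGTH = 12  # "at least 12 characters long"


def generate_password(length=16):
    """Pick every character independently with the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; it says nothing about human-chosen ones."""
    return length * math.log2(alphabet_size)


def has_keyboard_run(password, run=4):
    """True if `run` adjacent keys from one row appear, left-to-right or reversed."""
    lowered = password.lower()
    rows = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    return any(row[i:i + run] in lowered
               for row in rows for i in range(len(row) - run + 1))


def predictable_patterns(password):
    """Return the habits quoted in the article that this password exhibits."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if uppers == [0]:
        findings.append("only capital letter is the first character")
    symbols = [i for i, c in enumerate(password) if not c.isalnum()]
    if symbols == [len(password) - 1] and password.endswith("!"):
        findings.append("only symbol is a trailing exclamation point")
    if has_keyboard_run(password):
        findings.append("contains a keyboard row sequence")
    return findings


if __name__ == "__main__":
    for candidate in ["Qwerty2024!", generate_password()]:  # first value is constructed
        print(candidate, predictable_patterns(candidate))
```

A randomly generated password can occasionally trip the keyboard-run check by chance; regenerating is the simple response.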
Change Only If Necessary.
You may have heard that you need to change your password on a monthly basis, but both Cranor and Bonneau say that isn’t necessary. In fact, research shows that when people are obligated to change their password, they change it “according to a predictable pattern,” says Cranor, and so their new password is often weaker.
Keep Your E-mail Secure.
The biggest mistake people make is using the same password for multiple accounts—especially important accounts that you’d want to keep safe. Of course, you know that your financial accounts should have strong, unique passwords… but so should your e-mail. “Someone who has access to your email account can then trigger password resets on your other accounts and collect the reset links from your e-mail,” says Cranor. And social networking sites should be protected as well, as people could use those accounts to impersonate you.