Creating strong passwords: A guide for staying secure online

From banking details to shopping behavior, a massive amount of our personal information resides online. Protecting that information requires vigilance, and one of our most critical lines of defense is a strong password.

Why strong passwords matter

Your password is the key to your digital vault. A weak password, like a simple lock, is easily broken and can leave your valuables exposed. A strong password, on the other hand, is like a complex combination lock, which is far more secure because it is significantly harder to crack.

Alarmingly, hackers constantly employ sophisticated methods to steal passwords, such as password-cracking tools and various phishing techniques. A strong password reduces the risk of having your accounts compromised, thus safeguarding your sensitive information, identity, and privacy.

NIST password guidelines: A framework for strong passwords

The National Institute of Standards and Technology (NIST) is a US agency that publishes guidelines on various cybersecurity practices. Their Password Guideline Standards offer valuable recommendations for creating strong passwords.

Here's a key takeaway from NIST's latest guidance: complexity is no longer the sole focus. While using a mix of uppercase and lowercase letters, numbers, and symbols is still recommended, prioritizing password length is now considered more important.

NIST recommends that passwords be at least 12 characters long. The longer your password, the more combinations an attacker must try, which makes it exponentially harder to crack.

Creating a secure and memorable password: NIST password best practices

There are other best practices besides password length that NIST recommends for creating strong passwords:

  • Use a passphrase – Instead of a single word, consider using a string of unrelated words that are meaningful to you. For example, instead of "baseballfan," use "ILoveSummerNightsAtTheBallpark."
  • Avoid personal information – Don’t use your name, birthday, pet’s name, or any other detail an attacker could easily guess or find on social media or elsewhere online.
  • Beware of dictionary words – These days, automated tools can quickly crack even long or obscure dictionary words, so it’s best to build a password from a combination of words that doesn’t appear in any dictionary.
  • Resist keyboard patterns – Avoid sequences such as "qwerty" or "123456," as these are easy to guess.
  • Use two-factor authentication (2FA) – This adds an extra layer of security by requiring a second verification code when logging in, making it much harder for unauthorized parties to access your accounts. 2FA will be an additional safeguard in case your strong password gets compromised.
  • Remove hints or knowledge-based authentication (KBA) – Don’t use answers to security questions that could be easily guessed or found online, such as your mother’s maiden name or your childhood neighborhood. If a hacker gains access to your personal information, they can answer these questions and bypass your account security.
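To make the length point and the checks above concrete, here is a small Python checker (an added example, not code from the article or from NIST) that applies those rules to a candidate password; the blocklist and dictionary are constructed stand-ins for the large breached-password and word lists a real deployment would use.

```python
import math
import re

# Constructed stand-in lists (assumption, not from the article).
MIN_LENGTH = 12  # the minimum the article cites
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "baseballfan", "iloveyou"}
DICTIONARY = {"baseball", "summer", "monkey", "dragon", "welcome", "football"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_keyboard_pattern(password: str, run: int = 4) -> bool:
    """True if any `run` adjacent keyboard keys (either direction) appear."""
    s = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in s for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(password: str, personal: tuple = ()) -> list:
    """Return the rules the password violates (an empty list means it passes)."""
    problems = []
    lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if lower in BLOCKLIST:
        problems.append("known compromised or common password")
    # Strip digits and symbols so "Monkey2024!" is still seen as the word "monkey".
    if re.sub(r"[^a-z]", "", lower) in DICTIONARY:
        problems.append("dictionary word")
    if has_keyboard_pattern(password):
        problems.append("keyboard pattern")
    if any(p and p.lower() in lower for p in personal):
        problems.append("contains personal information")
    return problems


def guess_space_bits(length: int, alphabet_size: int) -> float:
    """Bits of search space an attacker must cover for a random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(check_password("baseballfan"))
    print(check_password("ILoveSummerNightsAtTheBallpark"))
    print(check_password("Rex2019qwerty!", personal=("Rex", "2019")))
    # Length beats complexity: 12 lowercase letters outscore 8 from the full 95-symbol set.
    print(round(guess_space_bits(12, 26), 1), round(guess_space_bits(8, 95), 1))
```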

How often should you change your passwords?

Just a few years ago, the NIST-recommended practice was to change passwords frequently. However, NIST now suggests that regular changes are unnecessary if you create strong, unique passwords. The focus has shifted toward creating passwords that are resilient in the first place, reducing the burden of having to change them frequently.

However, there are situations where changing your password is still essential. If you suspect a data breach or believe your password may have been compromised, change your password immediately. Additionally, it's good practice to update your password for critical accounts (e.g., banking, email) periodically, such as every one or two years.

NIST guidelines for compromised passwords

If you believe your password is compromised, NIST recommends you do the following:

  • Change your password immediately for the affected account and any other account with the same password.
  • If you haven’t yet, enable 2FA.
  • If you suspect a data breach, report it to the relevant authorities.

Additional tips on securing your passwords

When it comes to securing your passwords, it’s highly recommended to take as many precautions as you can, including the following:

  • Use a password manager – Remembering multiple strong passwords is challenging, so use a password manager that securely stores your passwords and helps you generate strong, unique passwords for each account.
  • Watch out for phishing attempts – Phishing emails often attempt to trick you into revealing your passwords. This is why you should never click on suspicious links or enter your login credentials on untrusted websites.

Security is of utmost priority

Follow these tips and adhere to NIST’s guidelines to create strong passwords that can ensure the safety of your data online.

But if you want to bump your online security up a notch, why not partner with us at Quicktech? Our IT professionals will ensure your digital accounts remain secure and your valuable information stays protected. If your business is in Vancouver or elsewhere in British Columbia and you need help with online security, contact us today.