Hackers are becoming more sophisticated and hacks more frequent. More of our lives live on the web, putting more sensitive data at risk. And on top of that, everything most of us were taught about passwords is wrong. You can read more in this article. In short, though:


  • Using numbers and special characters in your password is generally not helpful
  • 8 character passwords are too short
  • Changing your password regularly (unless you suspect it to be compromised) does not improve password security


Modern and vetted advice about creating secure passwords boils down to the following:


  • Know that things will continue to change, so it's important to stay up to date with the best science on internet security. These suggestions are not forever laws
  • Using unique passwords for each site decreases your chances of a catastrophic hack across multiple sites. How can you manage this, you ask? Password generators and password storage services like LastPass, which Allyance uses with all its clients
    • Remember that no security system is 100% secure. While LastPass has best-in-industry security protocols, it could, in theory, be hacked. If you want to maintain the highest level of security possible, choose a password like those suggested here (but maybe longer) and simply memorize it. But in that case, you wouldn't be sharing it with your Ally anyway.
  • Use long passwords - at least 20 characters. That said, it is fine if they are all lowercase
  • To create memorable, long passwords, devise phrases of four to five words, ideally using random or loosely related words (e.g. avoid song lyrics, especially popular ones or top Google searches like the ones that show up in suggested searches)
    • A good password might look like: sleepbetteronnettles or dandelionflufffromdirt or correcthorsebatterystaple
    • To create even stronger passwords, include numbers or number patterns between words, such as dandelion9fluff8from7dirt6 or correct4horse4battery4staple4
      • This last suggestion does make the password meaningfully harder to remember, so only use it if you need to maintain some memorability but need the highest levels of security.
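
One way to generate passphrases like these with a cryptographically secure random source, as an added example that is not part of the original article. The word list is a small constructed sample, and the function names and the 7,776-word list size used in the entropy comparison are assumptions of this example.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator should load
# a large list (thousands of words) so each word contributes more entropy.
SAMPLE_WORDS = [
    "sleep", "better", "nettles", "dandelion", "fluff", "dirt", "correct",
    "horse", "battery", "staple", "window", "marble", "copper", "lantern",
    "river", "pickle", "thunder", "velvet", "orchard", "puzzle", "harbor",
    "meadow", "anchor", "biscuit", "candle", "ember", "falcon", "glacier",
    "hammock", "island", "jigsaw", "kettle",
]  # 32 words -> 5 bits per word


def entropy_bits(list_size, n_words, digits=False):
    """Bits of entropy when every word (and digit) is chosen uniformly at random."""
    bits = n_words * math.log2(list_size)
    if digits:
        bits += n_words * math.log2(10)  # one random digit after each word
    return bits


def generate_passphrase(words=SAMPLE_WORDS, n_words=5, min_length=20, digits=False):
    """Join randomly chosen lowercase words; optionally follow each with a digit."""
    if n_words * (max(map(len, words)) + digits) < min_length:
        raise ValueError("min_length is unreachable with this list and word count")
    while True:  # redraw until the phrase meets the length floor
        parts = []
        for _ in range(n_words):
            parts.append(secrets.choice(words))  # CSPRNG, not random.choice
            if digits:
                parts.append(str(secrets.randbelow(10)))
        phrase = "".join(parts)
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print(generate_passphrase(), generate_passphrase(digits=True))
    print(round(entropy_bits(len(SAMPLE_WORDS), 5), 1), "bits with the sample list")
    print(round(entropy_bits(7776, 5), 1), "bits with a 7,776-word list")
```

The entropy figures hold only when the words are picked by the generator; a phrase a person chooses is easier to guess than the same number of random words.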


If you have any questions or concerns, please don't hesitate to reach out to your Ally.