Your password is the first line of defense preventing hackers from accessing your data. While 2FA and passphrases are the new recommendations (see below), here are rules you should always follow when creating a password.
- 12 character minimum
- Combination of letters, numbers, upper/lower case, special characters
- Do NOT incorporate in your password any information that can be gathered about you via social media. This includes:
  - Names of family members or pets
  - Street address
  - Favorite movies, cars, destinations, etc.
  - Any part of your name
  - Social security numbers or other sensitive info
  - Phone numbers
  - Schools and Universities
  - Sports teams
- Do NOT use any of these common passwords
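
The rules above can be checked automatically. The following is an added example, not part of the original page: the function names, the small common-password set and the sample personal details are constructed for illustration, and a real check would load a full common-password list.

```python
import re

# Constructed sample of commonly used passwords (assumption: stands in for a
# full list, which a real deployment would load from a file).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123!"}

MIN_LENGTH = 12  # the minimum length given in the rules above


def _tokens(personal_info):
    """Split personal details into lowercase word and digit-run tokens."""
    tokens = set()
    for item in personal_info:
        # Words and digit runs of 3+ characters, e.g. "Rex" -> "rex".
        tokens.update(t for t in re.findall(r"[a-z]+|\d+", item.lower()) if len(t) >= 3)
        # Whole number with punctuation stripped: "555-867-5309" -> "5558675309".
        digits = re.sub(r"\D", "", item)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, personal_info=(), common=COMMON_PASSWORDS):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"\d",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    if lowered in common:
        problems.append("is a common password")
    # Case-insensitive substring match against anything known about the user.
    for token in sorted(_tokens(personal_info)):
        if token in lowered:
            problems.append(f"contains personal info: {token}")
    return problems
```

Pass in whatever could be learned about the account owner from social media (names, address, phone number) as `personal_info`; the check is a substring match, so it catches a pet's name even when digits and symbols are appended.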
Goodbye Passwords, Hello Passphrases!
Technology is readily available that can crack many passwords, even if they seem complex or are hard to remember. A passphrase looks to kill two birds with one stone and create a secure password that you will not forget. In a nutshell, a passphrase is 3-4 words put together (16+ characters) that are memorable but would take a computer years to crack. See the comic below to get the idea.
Two Factor Authentication (2FA / MFA)
The best line of defense is to enable 2FA on all your accounts. 2FA is the system where you are asked for a one-time code from either a text message, a code-generating app, or dedicated security hardware. With 2FA, even if your password is leaked, your account will still be secure from all but the most dedicated hackers. Microsoft studies have shown enabling 2FA cuts down on security breaches by 90%. Each website has its own method for enabling 2FA, so please check your account settings page for more information. Some services, such as Apple accounts, have it enabled by default.
Links to the most popular 2FA authenticator apps are below (and can be used with any website). These are not needed if you receive your 2FA code via text message.