Stealing passwords is one of the oldest moves in hackers’ book. Ever since Internet accounts have existed, people have been trying to break into them. Password scavengers have been remarkably successful, too: in August, we learned that Russian hackers stole 1.2 billion username and password combinations, and in April, a vulnerability called Heartbleed was found to expose users’ data on websites from Gmail to Instagram.
Why are passwords so easy to hack? Some password-related hacks are beyond our control, but part of our vulnerability is our own fault. We tend to write passwords that are way too easy to guess. And we reuse passwords on multiple websites, so if a hacker has one of our passwords, they’ve got access to other accounts, too.
To be clear, there’s really no such thing as an unbreakable password. Hackers who are persistent enough and are using sufficiently powerful hardware will always be able to figure out your credentials. But if you fellow a few of these tips to creating a strong password, you’ll be much harder to hack — and therefore much safer.
Use lots of quirky character types. One way hackers crack passwords is by using sophisticated password-cracking software to test combinations of numbers, letters and symbols for your credentials. It can require a lot of computing power to do, but for shorter passwords, it’s a pretty reliable hacking method.
The more types of weird symbols—like !@$%—that your password has, the greater number of tries a computer has to take to guess your credentials. And some sites have features that block multiple password attempts, meaning the more complex your password is, the more likely a hacker will get locked out before their software guesses the right code.
Don’t use dictionary words. Passwords with common words or phrases ones are the first to fall to increasingly adept password-cracking software. Passwords like “Iloveyou” and “password” are not a dependable line of defense.
Use different passwords on different accounts. If you use the same password twice, it’s an invitation for hackers to double-dip into your data. Mix things up to stay safe.
Use two-factor authentication. Even hackers that have stolen your passwords aren’t going to easily access your accounts if you follow this tip. Two-factor authentication requires you to know something (your password), and to have something (a phone with a code, for instance).
Gmail’s two-factor authentication is a good example of how this works: after entering your password, Gmail sends a code to your phone, which you then enter for access to your email. Unless hackers have both your password and have stolen your phone, this is a major roadblock.
Create a passphrase. Think of a sentence, then codify it. As an example, “I love skateboarding and reading” becomes “I<3sk8b0rd1ng&r3ad1ng”. That way, your password is complex but still easy for you to remember.