It wasn’t long ago that people would say to make a password that you can remember and don’t store your passwords in one place — a time when having an online presence was simpler, says Pieter VanIperen, Managing Partner at PWV Consultants. “Today, though, threat actors have become increasingly cunning and find unique ways to steal your passwords,” Vanlperen says. “They will then try your credentials on any website they think you have an account with, which is why it is also important to NOT recycle passwords. Never use the same password twice. If you don’t change your passwords on a regular basis, you can be easier to hack.”
If you ask yourself questions like — “did I use this password on another site?” “When was the last time I changed my password?” and “Have I been exposed in that time?” and you don’t readily know that information, Vanlperen says it may be time to consider better managing your passwords. “I would much rather you use a password manager or sufficiently long passwords than rotate frequently,” Vanlperen says. “Frequent rotation of passwords out of obligation or feeling it is more secure typically leads to progressively weaker passwords - like "mycat1’ - ‘mycat2’ - ‘mycat3.’ Not only are frequently rotated passwords more likely to be under 10 characters long, they are more likely to be simple with a suffix like symbols or numbers which make it much easier for hackers to hack.”
The best solution? Use a password manager.
“There are a few password managers out there that have top-notch security, so storing your passwords in one place is not terrible,” Vanlperen says. “A password manager can also create a long unique password for every account you have and it can auto-fill on websites so you never have to remember it. In a world where we have what feels like a million accounts, keeping track of passwords and not reusing them is increasingly difficult.”
But if you’re not going to use a password manager, Vanlperen advises using a passphrase.
“Something at least 14 characters long (24 is the sweet spot) and a phrase that has nothing to do with you,” Vanlperen says. “Something like ‘rainydaysaregloomy,’ it’s 18 characters long and pertains to nothing personal to anyone. The length of a password is more important than what the characters actually are, so capitals and symbols don’t matter as much as you think. The longer your password, the longer it takes a threat actor to crack.
Finally, when you recycle passwords, you not only increase the chances your account will get hacked, but you then increase the chances of having your entire identity stolen. Think about it, if you use the same credentials for Facebook that you do with your financial institution, when someone gets your Facebook info, they now can access your bank accounts and drain them before you even know it’s happened. The next time you log in to your bank info, you’re in for a huge shock. Not a fun way to discover you’ve been hacked.”
So, change your passwords, but more importantly: use a password manager or come up with long, unique passwords that will keep hackers guessing — and keep your information secure.