Passwords are so early 2000s and, let’s be honest, we humans are pretty terrible at creating secure passwords, myself included. In today’s day and age, unique passphrases, in addition to multi-factor authentication, are key to keeping hackers out of your accounts and preventing them from stealing your personal or financial information. The best types of passphrases are the ones that contain a string of unrelated words. This makes them easier to remember than passwords containing random letters, numbers and symbols.
How to create strong passphrases:
- Use a passphrase, not a password. A passphrase is a longer, more complex version of a password. It can be a sentence, a phrase, or a combination of words that are easy for you to remember but difficult for others to guess.
- Use a long passphrase. The longer your passphrase is, the more secure it is. Aim for at least 15 characters, if not more. This makes it harder for cybercriminals to crack your passphrase through brute force attacks.
- Use a combination of uppercase and lowercase letters, numbers, and symbols. This combination makes it more difficult for cybercriminals to guess your passphrase through brute force attacks. To keep the passphrase easy to remember, separate the words with a hyphen, space, period or number, or capitalize the first letter of each word; this also adds complexity.
- To remember your passphrase, use a sentence or phrase that is meaningful to you, such as a favorite quote, song lyric, or personal mantra. Another option is to create a story that ties all the words together. For example, if your passphrase is “Lyrics-Unicorn-Stained-Fancy”, the story could be that you sang lyrics to a unicorn, but during the concert you stained your fancy shirt.
What not to do when creating a new passphrase:
- Don’t repeat passphrases. Using the same passphrase across multiple accounts may be convenient, but it increases your vulnerability to hacking. If you use the same passphrase across different accounts, a hacker only needs to breach one account to get your login credentials for all your other accounts.
- Don’t use personal information like your pet’s name, your birthdate or your hometown. A hacker can quickly figure out this information based on your social media accounts and other information available online. People who know you personally might even try to log in to one of your accounts this way.
- Don’t replace letters in your passphrase with common substitutes. Swapping in an “@” symbol for an “A” may have worked in the past, but nowadays hackers can guess “p@ssw0rd” just as easily as they can guess “password.” Instead, use hyphens, spaces, periods, capitalized letters or numbers to separate each word and add more complexity.
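The two lists above can be tried out in code. This is an added example, not part of the original article: it builds a passphrase in the “Lyrics-Unicorn-Stained-Fancy” style from randomly chosen, unrelated words, estimates its strength, and shows why “p@ssw0rd” is no harder to guess than “password”. The word list, the common-password list and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample word list for illustration only; real use needs a list of
# several thousand words (the EFF long Diceware list has 7776).
WORDS = ["lyrics", "unicorn", "stained", "fancy", "harbor", "pickle", "velvet",
         "canyon", "tractor", "whisper", "mosaic", "lantern", "orbit", "biscuit",
         "glacier", "puzzle"]

# Constructed short list standing in for a password-guessing dictionary.
COMMON = {"password", "letmein", "qwerty", "welcome"}

# Common character swaps that guessing tools undo automatically.
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def generate_passphrase(n_words=4, min_length=15, words=WORDS):
    """Pick unrelated words with a CSPRNG, capitalize each, join with hyphens."""
    longest = n_words * max(len(w) for w in words) + (n_words - 1)
    if longest < min_length:
        raise ValueError("word count too small to reach the minimum length")
    while True:
        picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
        phrase = "-".join(picked)
        if len(phrase) >= min_length:
            return phrase


def entropy_bits(list_size, n_words):
    """Bits of entropy when every word is chosen uniformly at random."""
    return n_words * math.log2(list_size)


def is_disguised_common_password(candidate):
    """True if undoing common substitutions yields a dictionary password."""
    return candidate.lower().translate(UNLEET) in COMMON


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"{entropy_bits(len(WORDS), 4):.1f} bits with this 16-word sample list")
    print(f"{entropy_bits(7776, 4):.1f} bits with a 7776-word list")
    print(is_disguised_common_password("p@ssw0rd"))
```

The strength comes from the size of the word list and the number of words picked at random, so the 16-word sample list here is far too small for real use.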
Bonus tip: Don’t store passphrases on sticky notes, spreadsheets or digital documents. It might seem practical to store your passphrases this way, but if they fall into the wrong hands, all your accounts will be compromised. If you can’t recite your passphrases from memory, consider using a password manager that encrypts your data.
Once you have created your passphrase, learn how to set up multi-factor authentication to add an extra layer of security to your accounts.