In the movies, hackers crack passwords either by guessing them, or by running some kind of magic software that tries every possible combination of characters.
You can’t hide from the movie hackers.
Fortunately, that’s not how it works in real life.
When actual hackers want to break into your account, what they’ll typically do is try passwords that you’ve used before. They know your other passwords, because one of the sites where you had an account had a breach at some point.
So the most important thing you can do is never reuse your passwords.
1. Have a different password for each account
Easy to say, right? Just make up a different password each time. Different passwords for your online banking, for your credit cards, for your email accounts, for your social media sites, for your shopping sites.
Wait a minute. Unless you’re someone who barely ever uses the Internet, you’ll quickly have more passwords than any human being can possibly remember.
Plus, some sites make you change the password every few months.
This is a nightmare.
But there is a solution.
Get a password manager. Programs like LastPass and Dashlane are free and easy to use. They remember your passwords whenever you type them into a website, and then fill them in for you. Plus, they work on all your devices.
The best password manager out there right now for the average consumer is LastPass, which is free, and works on multiple devices.
Dashlane’s free version currently only works on one device, but it has a feature where it can change all your passwords for you all at once if there’s been a breach. They also have a version that syncs your passwords across all your devices, for $40 a year.
And even if the password manager companies get hacked, your passwords are still safe. They keep them encrypted, so that only someone who knows your master password can get in. Not even the companies themselves can unlock them. So if you’re on the run from the CIA, the government can’t just make those companies turn over your passwords.
It is a really good deal, and the single best thing you can do right now to protect your online identity.
And it only takes a couple of minutes to set it up. After that, the password manager does everything for you and just makes your life easier.
Okay, moving on. You’ve got your password manager set up, or you only ever log into one place, and you need to pick a password.
What do you do?
2. Create a Brand New Password
To find out if any of your accounts have already been hacked, just type your email address into Have I been Pwned.
Have I been Pwned: https://www.dashlane.com/
If any of your accounts have been breached, immediately change that password, and any other site where you’ve used the same password.
But if your email doesn’t come back as breached, don’t think you’re safe. There might have been a breach that just hasn’t been discovered yet.
To stay on the safe side, pick a brand-new password each time.
3. Don’t Use a “Common” Password
Another thing that hackers do is try random combinations of user names and passwords on random sites. Logging in to the same account several times in a row would trigger a lock-down, so they avoid that by trying a different user account each time. So they’re not going after you in particular, but if they do happen to get into your account, that’s not much of a comfort.
When hackers do this, they use lists of commonly-used passwords. These start with perennial favorites like “password” and “123456.” Other common passwords are names, and keyboard patterns like “qwerty” and “abc123.”
According to the researchers at Keeper, another popular password management program, just 25 passwords accounted for half of the 10 million passwords available to hackers last year.
And one out of every six passwords was “123456.”
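The pattern described above, one source trying many different accounts so that no single account locks, is something a site operator can look for in failed-login logs. The following is an added example, not part of the original article: the log events, thresholds and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed failed-login events: (minute, source_ip, username).
SAMPLE_FAILURES = [
    (0, "203.0.113.7", "alice"), (1, "203.0.113.7", "bob"),
    (2, "203.0.113.7", "carol"), (3, "203.0.113.7", "dave"),
    (4, "203.0.113.7", "erin"), (5, "203.0.113.7", "frank"),
    # One user mistyping their own password four times.
    (1, "198.51.100.4", "gina"), (1, "198.51.100.4", "gina"),
    (2, "198.51.100.4", "gina"), (3, "198.51.100.4", "gina"),
    # Two colleagues behind one office address, one typo each.
    (2, "192.0.2.9", "heidi"), (6, "192.0.2.9", "ivan"),
]

def accounts_locked(events, threshold=3):
    """Classic per-account lockout: accounts with `threshold` or more failures."""
    fails = Counter(user for _, _, user in events)
    return sorted(u for u, n in fails.items() if n >= threshold)

def spraying_sources(events, window=10, min_accounts=5, max_per_account=2):
    """Sources failing against many accounts, few tries each, within `window` minutes."""
    by_source = defaultdict(list)
    for minute, ip, user in events:
        by_source[ip].append((minute, user))
    flagged = []
    for ip, hits in by_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans under `window` minutes.
            while hits[end][0] - hits[start][0] >= window:
                start += 1
            per_account = Counter(user for _, user in hits[start:end + 1])
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("locked accounts:", accounts_locked(SAMPLE_FAILURES))
    print("spraying sources:", spraying_sources(SAMPLE_FAILURES))
```

On this sample the per-account lockout only catches the user who mistyped their own password, while the per-source check picks out the address that touched six accounts once each.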
4. Instead, Use a Random Password or a Pass Phrase
If you have a password manager, it will automatically suggest good, strong, random passwords for you each time a site asks you to create a new account or update your password.
You can also use an online password generator. It’s VERY handy.
But random passwords are impossible to remember, so this is not a good option for a password that you have to carry around in your head, like your master password to your password manager, or, say, the main password you need for work or for your computer or your bank.
Try a passphrase instead. So, for example, instead of using “Bobby,” you can use “BobbyIsMy#1FavoriteChild” and hope that your other kids never find out.
You can check how strong your password is on this site: http://random-ize.com/how-long-to-hack-pass/
Yes, it’s a little longer to type, but it’s still quicker than trying out “Bobby1,” “Bobby2010,” “Bobby!123” and other combinations to figure out which one you actually used, then being locked out of your own account because it took you too many tries.
Some people use a combination of a strong base password, such as a passphrase, and then combine it with a new code for each different site.
For example, they might have “BobbyIsMy#1FavoriteChild-Facebook” and “BobbyIsMy#1FavoriteChild-bank.”
This isn’t as secure as having a different, long, random password for each site.
But at least it’s a step up from using “123456” everywhere.
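The three habits this article warns about (common passwords, reused passwords, and a shared base with a per-site suffix) can be checked mechanically across a list of saved logins. The following is an added example, not part of the original article and not any password manager's own code: the vault contents, the 8-character threshold and the function names are assumptions made for illustration.

```python
import os.path
import secrets
import string

# Common passwords named in the article; a real audit would load a far longer list.
COMMON = {"password", "123456", "qwerty", "abc123"}

# Constructed vault: site -> password.
SAMPLE_VAULT = {
    "facebook": "BobbyIsMy#1FavoriteChild-Facebook",
    "bank": "BobbyIsMy#1FavoriteChild-bank",
    "forum": "qwerty",
    "shop": "qwerty",
    "email": "v9#Lq2x!TzR7pWmK",
}

def audit_vault(vault, min_shared=8):
    """Return {site: sorted findings} for sites with a weak or related password."""
    findings = {site: set() for site in vault}
    sites = sorted(vault)
    for site in sites:
        if vault[site].lower() in COMMON:
            findings[site].add("common")
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            pa, pb = vault[a], vault[b]
            if pa == pb:
                tag = "reused"
            elif len(os.path.commonprefix([pa, pb])) >= min_shared:
                # Same long prefix: one leaked password exposes the pattern.
                tag = "shared-base"
            else:
                continue
            findings[a].add(tag)
            findings[b].add(tag)
    return {site: sorted(tags) for site, tags in findings.items() if tags}

def random_password(length=20):
    """Independent random password drawn from the OS CSPRNG, one per site."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for site, tags in audit_vault(SAMPLE_VAULT).items():
        print(site, tags, "-> replace with", random_password())
```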