What makes a good password? 9 rules to protect you from cyberattacks – CNET


Sturdy passwords will help hold your knowledge locked down

James Martin/CNET

In relation to your on-line safety, it is important to shield your self with sturdy passwords. You want distinct passwords for your entire social media, financial institution accounts, streaming providers, and apps. However with so many alternative accounts, it will probably appear inconceivable to give you passwords that you’re going to bear in mind. This makes it tempting to fall into the unhealthy behavior of utilizing the identical login credentials time and again.

In case your knowledge is compromised, weak passwords can have critical penalties, like identification theft. Final yr’s variety of reported knowledge breaches set a brand new file — to not point out the T-Cellular hack in 2021 that uncovered greater than 50 million clients’ private info.

The identification safety of a post-password world is not right here for many of us. So within the meantime, strive these greatest practices that may assist reduce the chance of your knowledge being uncovered. Learn on to discover ways to create and handle the most effective passwords, how one can be alerted in the event that they’re breached, and one essential tip to make your logins much more safe. And listed below are three previous password guidelines that wound up being dumb at present.

Learn extra: Greatest password managers for 2022 and how one can use them

Use a password supervisor to maintain monitor of your passwords

Sturdy passwords are longer than eight characters, are arduous to guess and include a number of characters, numbers and particular symbols. The very best ones can be troublesome to recollect, particularly in case you’re utilizing a definite login for each website (which is really helpful). That is the place password managers are available.

A trusted password supervisor similar to 1Password or Bitwarden can create and retailer sturdy, prolonged passwords for you. They work throughout your desktop and cellphone.


An excellent password supervisor will help you retain monitor of your login data.

The tiny caveat is that you’re going to nonetheless should memorize a single grasp password that unlocks all of your different passwords. So make that one as sturdy as it may be (and see under for extra particular tips about that).

Browsers like Google’s Chrome additionally include password managers, however our sister website TechRepublic has considerations about how browsers safe the passwords they retailer and recommends utilizing a devoted app as an alternative. 

Password managers with their single grasp passwords are, after all, apparent targets for hackers. And password managers aren’t good. LastPass mounted a flaw in 2019 that might have uncovered a buyer’s credentials. To its credit score, the corporate was clear concerning the potential exploit and the steps it might take within the occasion of a hack.

Sure, you’ll be able to write your login credentials down. Actually

We know: This advice goes in opposition to every part we have been advised about defending ourselves on-line. However password managers aren’t for everybody, and a few main safety consultants, just like the Digital Frontier Basis, counsel that protecting your login info on a bodily sheet of paper or in a pocket book is a viable approach to monitor your credentials. 

And we’re speaking about actual, old style paper, not an digital doc like a Phrase file or a Google spreadsheet, as a result of if somebody features entry to your laptop or on-line accounts, they will additionally achieve entry to that digital password file.


Holding passwords on a sheet of paper or in a pocket book may work greatest for some individuals.

Graphic by Pixabay/Illustration by CNET

After all, somebody may additionally break into your own home and stroll off with the passkeys to your whole life, however that appears much less doubtless. At work or at house, we suggest protecting this sheet of paper in a protected place — like a locked desk drawer or cupboard — and out of eyesight. Restrict the quantity of people that know the place your passwords are, particularly to your monetary websites.

When you journey typically, bodily carrying your passwords with you introduces higher danger in case you misplace your pocket book. 

Discover out in case your passwords have been stolen

You’ll be able to’t at all times cease your passwords from leaking out, both by an information breach or a malicious hack. However you’ll be able to examine at any time for hints that your accounts could be compromised.

Mozilla’s Firefox Monitor and Google’s Password Checkup can present you which ones of your e-mail addresses and passwords have been compromised in an information breach so you’ll be able to take motion. Have I Been Pwned also can present you in case your emails and passwords have been uncovered. When you do uncover you’ve got been hacked, see our information for how one can shield your self.

Now enjoying:
Watch this:

Are your login credentials on the darkish net? Discover out…


Keep away from widespread phrases and character combos in your password

The aim is to create a password that another person will not know or have the ability to simply guess. Avoid widespread phrases like “password,” phrases like “mypassword” and predictable character sequences like “qwerty” or “thequickbrownfox.” 

Additionally keep away from utilizing your identify, nickname, the identify of your pet, your birthday or anniversary, your avenue identify or something related to you that somebody may discover out from social media, or from a heartfelt discuss with a stranger on an airplane or on the bar. 

Learn extra: Sturdy passwords aren’t as simple as including 123. Here is what consultants say actually helps

Longer passwords are higher: 8 characters is a place to begin

8 characters are an incredible place to start out when creating a robust password, however longer logins are higher. The Digital Frontier Basis and safety skilled Brian Krebs, amongst many others, advise utilizing a passphrase made up of three or 4 random phrases for added safety. An extended passphrase composed of unconnected phrases might be troublesome to recollect, nevertheless, which is why it is best to think about using a password supervisor.

Do not recycle your passwords

It is price repeating that reusing passwords throughout completely different accounts is a horrible concept. If somebody uncovers your reused password for one account, they’ve the important thing to each different account you utilize that password for. 

The similar goes for modifying a root password that adjustments with the addition of a prefix or suffix. For instance, PasswordOne, PasswordTwo (these are each unhealthy for a number of causes).

By selecting a novel password for every account, hackers that crack into one account cannot use it to get entry to all the remaining. 

Keep away from utilizing passwords identified to be stolen

Hackers can effortlessly use beforehand stolen or in any other case uncovered passwords in automated login makes an attempt referred to as credential stuffing to interrupt into an account. If you wish to examine if a password you are contemplating utilizing has already been uncovered in a hack, go to Have I Been Pwned and enter the password.

No must periodically reset your password

For years, altering your passwords each 60 or 90 days was a long-accepted apply, as a result of, the pondering went, that was how lengthy it took to crack a password. 

However Microsoft now recommends that except you observed your passwords have been uncovered, you need not periodically change them. The rationale? A lot of us, by being compelled to vary our passwords each few months, would fall into unhealthy habits of making easy-to-remember passwords or writing them on sticky notes and placing them on our screens.

Use two-factor authentication… however attempt to keep away from textual content message codes

If thieves do steal your password, you’ll be able to nonetheless hold them from getting access to your account with two-factor authentication (additionally referred to as two-step verification or 2FA), a safety safeguard that requires you enter a second piece of data that solely you have got  (often a one-time code) earlier than the app or service logs you in.


Google’s Authenticator app steps up your safety.

Jason Cipriani/CNET

This approach, even when a hacker does uncover your passwords, with out your trusted system (like your cellphone) and the verification code that confirms it is actually you, they will not have the ability to entry your account.

Whereas it is widespread and handy to obtain these codes in a textual content message to your cell phone or in a name to your landline cellphone, it is easy sufficient for a hacker to steal your cellphone quantity by SIM swap fraud after which intercept your verification code. 

A a lot safer approach to obtain verification codes is so that you can generate and fetch them your self utilizing an authentication app like Authy, Google Authenticator or Microsoft Authenticator. And when you’re arrange, you’ll be able to select to register your system or browser so that you need not hold verifying it every time you register.

In relation to password safety, being proactive is your greatest safety. That features realizing in case your e-mail and passwords are on the darkish net. And in case you uncover your knowledge has been uncovered, we information you thru what to do if hackers have gained entry to your banking and credit-card accounts.

Leave a Comment