A password or a passphrase is used to prevent unauthorized people from accessing your personal information. Creating a solid password is your first line of defense and likely the most important security control you have. Here are some tips for creating a strong password.
How do you create a secure password?
A poorly chosen, easy-to-guess password could allow your sensitive personal information to be compromised. Passwords shouldn’t include "guessable" data such as information about yourself, your spouse, your pet, your children, birthdays, addresses, phone numbers, locations, etc.
Passwords should be comprised of a mix of upper- and lowercase letters, numbers and special characters like punctuation marks and symbols. Ideally your password will not start with a capital letter or an obvious keyboard sequence like “qwerty” or “12345.”
Typically, passwords have been comprised of eight characters, which include a mix of letters, numbers and symbols. That minimum is still widely accepted; however, experts have found that it can take a hacker only about four minutes to crack a password of that length and complexity. So, the longer the password, the better. Create a password with a minimum of 15 characters that include lower- and uppercase letters, numbers and symbols. A password of that length and complexity could take much longer than two years to crack.
An example of a strong password that’s easy to remember is a passphrase. This is a series of three to four words strung together with characters and symbols that contain the necessary complexity to be secure. By replacing letters with similar-looking symbols or numbers, an example of a strong passphrase could be “door desk computer phone,” which would become “dOord3sk!computer?phone.”
What is a password manager and why is it useful?
A 15-character password may be difficult to remember. That’s where a password manager app may be able to help. A password manager, also known as a “password vault,” can store your passwords in a secure, virtual space. Vaults like LastPass, for example, only require you to remember one password to sign in to the app. From there, the app does the work of helping you create complex passwords and later, storing and recovering them. There are many password managers available so research them carefully to find one that will best meet your needs.
How to protect your password
It doesn't matter how carefully you choose a password if you aren't equally diligent about keeping it protected and secure. When available, enable two-factor authentication (2FA), an added layer of protection that goes beyond usernames and passwords to help ensure the security of online accounts. 2FA is a combination of something you have (e.g., mobile phone), something you know (e.g., security questions), or something you are, like a fingerprint, retinal scan or voice sample. A long and strong password, combined with 2FA, may be your best protection against would-be thieves and password attacks.
The Credit Union further protects your accounts using 2FA with the One Time Passcode feature in Member Connect as an alternative to your security questions.
How to keep your passwords safe
Here are some additional password security tips to keep in mind:
- Don’t disclose your passwords to anyone.
- Never send your passwords via email or provide a password over the phone.
- Don’t leave your passwords unsecured.
- Don’t reuse passwords across different systems or accounts.
- Don’t check the "save password" box when signing into online accounts or applications.
- Don’t allow web browsers to save passwords.
By using these tips, you should feel confident you’ve created strong and secure passwords.
The advice provided is for informational purposes only.