There’s good news on the horizon for everyone who’s ever forgotten an online password. So, well, everyone. For years, we’ve been told our passwords should be complicated — think long, with capital letters, numbers and symbols. Even worse, that they need to be changed every 90 days and be different for every website and app. Luckily, that all changed a few weeks ago when the National Institute of Standards and Technology — the biggest influencer when it comes to password advice — revised its recommendations for creating passwords. Experts say they’re more likely to prevent break-ins and be a whole lot easier for people to manage. That means less time spent clicking the “forgot password?” button for all of us.
What you need to know
The new password guidelines are nearly the opposite of what we used to tell people: Keep your passwords simple, long and memorable. That’s because no matter how many crazy symbols you use or how many capital letters you add, a long password is going to be more complex to break than a short one. Even better — once you make a strong password, you shouldn’t have to change it unless you suspect one of your accounts has been compromised. As a highly circulated online cartoon points out, a relatively easy-to-remember password like correcthorsebatterystaple would take hackers 550 years to crack, while the complicated Tr0ub4dor&3 would take about 3 days.
Make a strong password
To secure your accounts, try coming up with a random phrase that’s easy for you to remember but that is long enough to make it hacker-proof. Avoid birthdays, addresses and pets, and skip the random password generator — a recipe for forgotten logins. Instead, think about things like your favorite band, or the name of your college dorm. They stand out in your mind, but aren’t the first thing people see when they look at your Facebook page.
The most important password you have? Surprisingly, it’s not your bank or credit card, says Neal O’Farrell, founder of the Identity Theft Council. Those types of sites often have secret questions and multi-factor security that make them hard to hack. Rather, it’s your email password that helps hackers the most. “Even low-level identity thieves have told me that if they get access to your email, they know your life,” he says. They can even get messages forwarded to their own account, he adds. So if you’re going to change just one password using these guidelines, make it the password to your email account.
Other tips to protect your identity:
With Ellie Schroeder