Creating a strong, versatile password is not easy, particularly if you're stuck in a routine of creating short, complex passwords (which are not actually secure).
Ensuring your account passwords are secure doesn't have to take a lot of time if you take the right steps. This guide builds on our advice from a few years ago, now that two-factor authentication and password managers have matured further.
Here is our guide for creating a password in 2018 (tip: all the passwords in the banner image are inadequate!):
1. Choose a long password
Passwords should be at least 16 characters long. Length is one of the most important factors in making a password secure.
One way to come up with a password this long is to think of a memorable and bizarre phrase, for example: mydogismadeofwednesdays. The idea is to come up with something nonsensical.
Then you can edit the phrase with numbers and special characters to meet other typical password requirements. For example: myd0g!sm4deofw3dnesdayZ.
If you're struggling to choose a password, start with this random phrase generator. It's based on the xkcd comic below. If you use this generator, we recommend adding another word, or changing it slightly, then altering it with special characters as described above.
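To show why length matters more than complexity, here is an added example (not code from this guide or from the phrase generator it mentions) that builds a random phrase of at least 16 characters and compares its entropy with that of a short random password. The word list is a constructed sample, and the list size of 7776 used in the comparison is an assumption matching a standard Diceware-style list; the figures apply only to words picked at random, not to a phrase a person made up.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real generator should use a
# large published list; 7776 below is the size of a standard Diceware-style list.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "fiddle", "glacier",
    "hammock", "island", "jigsaw", "kettle", "lantern", "marble", "noodle",
    "orchard", "pebble", "quilt", "ribbon", "saddle", "thimble", "umbrella",
    "velvet", "walnut", "yoghurt", "zipper", "wednesday",
]
MIN_LENGTH = 16  # the guide's minimum password length


def random_passphrase(words, count=5, min_length=MIN_LENGTH):
    """Join `count` words picked uniformly at random with a CSPRNG."""
    if count * max(len(w) for w in words) < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        phrase = "".join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_length:  # redraw if the phrase came out too short
            return phrase


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` words drawn uniformly from `list_size` words."""
    return count * math.log2(list_size)


def random_password_bits(length, alphabet_size=94):
    """Entropy in bits of a random string over the 94 printable ASCII symbols."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", random_passphrase(SAMPLE_WORDS))
    print("8 random characters: %.1f bits" % random_password_bits(8))
    print("5 words from 7776:   %.1f bits" % passphrase_bits(7776, 5))
    print("words for 80 bits:  ", words_needed(7776, 80))
```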
2. Don't reuse passwords
We understand this is difficult, but don't reuse the same password across multiple websites. Think of all the websites where you use your email address, Facebook name, or Microsoft account to log in. If you reuse the same login name and password combo across multiple sites, a person who cracks that combo just once will have access to all of those services.
Try using a different password for each of your services, at the very least for your email, banking and financial, work and other accounts of value.
If remembering so many passwords proves to be difficult, try using a password manager. We suggest trying LastPass or Dashlane, which are password managers that offer multiple device support with either no cost or an initial free trial period.
If using a password manager, use a highly secure password and two-factor authentication to access the manager.
3. Enable two-factor authentication
For best security practice, a password alone is not enough. Two-factor authentication is also required.
Generally, two-factor authentication means receiving a secure code via text to a trusted phone number or using a code generator on your mobile device.
Once set up, two-factor authentication is easy to use. We highly recommend enabling it for any financial services you use, or for accounts that have access to sensitive commercial information. Find out more about two-factor authentication in our guide here.