Test Your Password Strength & Password Best Practices

If you fit into one — or all three — of the above categories, you’ll want to read on for some tips on strengthening your passwords. In May 2013, Intel Security even started a holiday — World Password Day — celebrated each May with the intention of curbing one of the fastest growing crimes, identity theft.
So, just how big is the problem? In 2017, 16.7 million people fell victim to identity fraud, breaking the previous year’s record, according to a report from Javelin Strategy and Research. The report also found that some 30 percent of the nation’s consumers were notified of exposure to a data breach that same year — all amounting to $16.8 billion stolen.
You might be thinking that your password may have nothing to do with data breaches. And, while that may be the case (unless, of course, you are the gatekeeper to critical business data), if you use one password for every online account, you’re making it all too easy. Hackers will automatically try the password they may have gained in a breach on the email address that is likely tied to said account, and from there, they could get even more access.
The same could be said for common passwords, such as your name or even “password.” Take a look at the top 20 most used passwords from 2022 and how many people used them, according to the Readers Digest:
- 123456
- 123456789
- Qwerty
- Password
- 12345
- 12345678
- 111111
- 1234567
- 123123
- Qwerty123
- 1q2w3e
- 1234567890
- DEFAULT
- 0
- Abc123
- 654321
- 123321
- Qwertyuiop
- Iloveyou
- 666666
What Is A Strong Password?
A strong password has a few characteristics:- It’s at least eight characters long, though, the longer, the better
- It contains a mixture of both numbers and letters
- It contains a mixture of uppercase and lowercase letters
- It has at least one special character, like an exclamation point or asterisk
To drill it in a tad more, you’ll obviously want to avoid a repeated letter or number, or a series of repeated numbers or letters, along with a series of characters on your keyboard (think: qwerty). And, of course, you should avoid any form of personal information, such as your Social Security number or your home address.
Strong passwords don’t have to be a 15-character string of letters and numbers that are otherwise completely unintelligible to you. Some of the best are a combination of words or phrases, with some capitalization and numbers in lieu of certain letters (“3” for an “e”, say).
If you aren’t sure how yours will stack up, you can test your password strength on a number of websites. Just be sure the website is a credible one, such as those that may belong to password managers or any antivirus and/or internet security. It’s also best to try out those that you aren’t likely to use in real life.
How to Keep Your Password Secure
Now that you’re on your way to creating an iron-clad password, you’ll want to ensure that it stays locked up. To do so, follow these simple tips:1. Don’t share your passwords.
This may seem like a given, but don’t share your passwords — especially those that are the gatekeepers to your most critical, sensitive information — with anyone who doesn’t need it. Your best friend doesn’t need to know your email login, and your parents don’t need your Google account to access shared photos.
Similarly, you won’t want to write these passwords down and stow them away near your devices, and you won’t want a “master list” of passwords hanging out in your email. That could open the door to even more fraud.
2. Toughen up your security questions.
When you first sign up for an online account, you may be prompted to select from a drop-down menu of security questions. What was the name of your elementary school? What is your mother’s maiden name? What is the name of your favorite restaurant? Some will even allow you to select your own security questions. Websites typically use these to ensure a sign-in attempt is, in fact, you, particularly if you’re logging in using a new or different device.
If you are choosing from the list, be sure to implement some of the strong password tips above, especially if the answer is pretty obvious. If you get to create your own security questions, be sure to make them difficult.
3. Use two-factor authentication.
Also known as multi-factor authentication, two-factor authentication is exactly what it sounds like — using two forms of identification to log in. It adds an extra layer of security to your accounts.
For example, if you’re signing in to your email account, you will be asked to input your username and password. Once you’ve done so successfully, you would then be prompted for a different form of identification, like a one-time passcode sent through a text message or a fingerprint scan through your smartphone. To access your email, then, you would need to provide proper credentials for whichever form of two-factor authentication you have chosen.
4. Use an App
If you’re weary about saving your information on the Internet, no matter how secure, an offline application is your next best bet. There are more password and username-oriented apps out there than there are online secure cloud services. Apps like 1Password and LastPass give users a safe way to have a “safe” full of personal data that you don’t want laying around the house.
Apps usually use the “master password” method in order to access your data. They will have add-ons to your browsers that detect when you’re entering a password and will give you the option of saving the password to the app. The next time you visit the webpage, the app will ask you for your master password. Once you enter it, it will automatically fill in your password to the website.
5. Change your passwords regularly.
There’s some disagreement on just how often you should change your passwords. Some recommend every 30, 60 or 90 days. But, you don’t want to change them too frequently.
So, what are those occasions when it’s definitely warranted?
- If you’re notified of a data breach
- If you’ve noticed any suspicious activity in your account that you did not initiate
- If you’ve found evidence of unauthorized logins
- If you think any of your devices are comprised due to malware, viruses or other cybersecurity threats