Shout out to the reader who suggested frequently-used passwords! You’re the inspiration for this post.
Most clients or employees reach out to me asking for cybersecurity help, but barely follow the basics behind good passwords. You don’t need a sophisticated cybersecurity professional to tell you the mundane password basics.
If you’re on this site, you probably care about your digital privates, but if your family or password-sharing friends couldn’t care less, you could still be prone to attacks.
Ultimately, passwords should be
Difficult to crack
Difficult to guess
Not used for more than one account
The character, length, and other complexity-forcing requirements are all based on how an attacker could brute force or dictionary attack your password. Because of this,
The minimum isn’t actually the minimum.
Currently, lots of sites set the bar at 8-12 characters. You should shoot for 16 characters at minimum. If you use a password manager, the length won’t matter, because you don’t have to worry about remembering it. You can go crazy-long (website permitting) with your passwords when a manager stores them for you. Some security experts push for passphrases, which are made of several words or a full sentence instead of the usual one-word-plus-number pattern.
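As an added illustration that is not part of the original post, the Python below turns the brute-force reasoning above into numbers: it estimates the search space of a password from its length and character set, does the same for a randomly chosen passphrase, and checks a candidate against the two rules above (not a frequently-used password, at least 16 characters). The guess rate, the 7776-word list size and the tiny common-password list are constructed assumptions for illustration, not figures from this post or from the rankings it links to.

```python
import math
import string

# Constructed stand-in for the leaked-credential rankings the post mentions;
# a real checker would load a published list of common passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "iloveyou", "letmein"}

# Assumed guess rate for the time estimates: a round number, not a measurement.
GUESSES_PER_SECOND = 1e10

# Assumed wordlist size for passphrases (6^5, the size of a standard Diceware list).
DICEWARE_WORDS = 7776

POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def charset_size(password: str) -> int:
    """Size of the character pool an attacker must cover to brute-force this password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four standard pools (spaces, non-ASCII) count individually.
    extra = {c for c in password if not any(c in pool for pool in POOLS)}
    return size + len(extra)


def password_bits(password: str) -> float:
    """Brute-force search space in bits, assuming the attacker knows the charset used."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """Search space in bits for a passphrase whose words are picked at random from a list."""
    return word_count * math.log2(wordlist_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate in a search space of the given size."""
    return (2 ** bits) / rate / (365 * 24 * 3600)


def assess(password: str, minimum_length: int = 16) -> dict:
    """Apply the post's rules and report an effective search-space estimate.

    A password on a common-password list falls to a dictionary attack after at
    most len(COMMON_PASSWORDS) guesses, so its brute-force estimate is replaced
    by the (much smaller) dictionary size.
    """
    problems = []
    bits = password_bits(password)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in a frequently-used password list")
        bits = math.log2(len(COMMON_PASSWORDS))
    if len(password) < minimum_length:
        problems.append(f"shorter than {minimum_length} characters")
    return {"bits": round(bits, 1), "problems": problems, "ok": not problems}


if __name__ == "__main__":
    # Compare the policies discussed above at the assumed guess rate.
    for length in (8, 12, 16):
        bits = length * math.log2(len(string.ascii_lowercase) + len(string.digits))
        print(f"{length:2d} lowercase+digit chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years to exhaust")
    for words in (4, 6):
        bits = passphrase_bits(words)
        print(f"{words}-word passphrase:        {bits:6.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years to exhaust")
    for candidate in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(candidate, "->", assess(candidate))
```

The search-space estimates assume the attacker already knows which character pool or wordlist you used; that is the conservative assumption behind the length advice above, and it is why a passphrase of several random words beats a short password even though it uses only lowercase letters and spaces.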
Start migrating to your own Password Manager
Password managers solve a lot of common password woes. Check out our Privacy 101: Passwords to find out. Some security blogs like Safety Detectives also pulled leaked credentials to analyze the most common passwords. NordPass released a similar ranking of common passwords in November 2020.
Don’t forget, when you set the main password in your password manager, don’t settle for the minimum. A terrible password as a gate to other passwords will result in a bad time.
But what if my main password in my password manager gets compromised?
The occasional client expresses concerns about storing all of their passwords in one location. If you lose access, you’re kicked out of tons of accounts at once.
It’s an understandable concern, but the thought also emphasizes the importance of conducting your own research. Safety Detectives also reviewed multiple password managers.
Other questions you should ask during your research include…
Did the password manager ever experience a failure in its cryptography? Password managers protect your stored passwords with encryption. If that encryption is broken, your passwords are at risk. Check whether the service has ever experienced a cryptographic failure.
Has the password manager ever been hacked? The cryptography isn’t the only failure point behind a password manager.
Does your password manager also have a mobile app? Why not download a product that also works on your phone? Make the whole process easier!
Need to share a password?
Do you actually need to share a password? Instead of sharing a password, consider other options.
Think about why you actually need to share a password. Many online service providers allow user management.
If you’re just sharing a social media account, consider leveraging a Hootsuite-like platform with user management capabilities.
1Password allows multiple users to view a shared vault, so you don’t need to copy-pasta poorly created passwords for sharing purposes.
When you inevitably ignore this advice, at least change your password immediately after someone uses your account.
Use multifactor authentication (MFA)
When your password gets compromised, multifactor authentication (or two-factor authentication) can still protect your account from takeover. Duo, Google Authenticator, and YubiKeys are all solid multifactor authentication options that don’t rely on your phone number.