
Set strong passwords
Setting strong passwords for all of your devices is essential. Your passwords should be unique and complex, containing at least 12 characters along with numbers, symbols, and capital and lowercase letters. Changing your passwords regularly — and never sharing or reusing the same password — will help prevent hackers from figuring them out.
Firmware passwords are an additional device control: hardware-level passwords that help prevent others from using your computer. Disk encryption prevents cyberthieves from reading the information stored on your device; a firmware password protects the hardware itself by preventing the machine from being rebooted or reset without it.
Don’t be silly
Stay away from the obvious. Never use sequential numbers or letters, and for the love of all things cyber, do not use “password” as your password. Come up with unique passwords that do not include any personal info such as your name or date of birth. If you’re being specifically targeted for a password hack, the hacker will fold everything they know about you into their guesses.
- Make it long. This is the most critical factor. Choose nothing shorter than 15 characters, more if possible.
- Use a mix of characters. The more you mix up letters (upper-case and lower-case), numbers, and symbols, the more potent your password is, and the harder it is for a brute force attack to crack it.
- Avoid common substitutions. Password crackers are hip to the usual substitutions. Whether you use DOORBELL or D00R8377, the brute force attacker will crack it with equal ease. These days, random character placement is much more effective than common leetspeak* substitutions. (*leetspeak definition: an informal language or code used on the Internet, in which standard letters are often replaced by numerals or special characters.)
- Don’t use memorable keyboard paths. Much like the advice above not to use sequential letters and numbers, do not use sequential keyboard paths either (like qwerty). These are among the first to be guessed.
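The checklist above can be turned into a small audit function. This is an added example, not code from the original article: it flags short passwords, a poor character mix, common words even after the usual leetspeak substitutions (the page's D00R8377 for DOORBELL, so 7 is treated as L here), sequential characters, and keyboard paths such as qwerty. The word list is a constructed stand-in; a real check would load a large breached-password corpus.

```python
import re

# Constructed stand-in for a cracker's dictionary (assumption: real audits use a large wordlist).
COMMON_WORDS = {"password", "doorbell", "welcome", "letmein", "football"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Substitutions crackers try automatically; 7 -> l follows the page's D00R8377 example.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "l", "8": "b", "@": "a", "$": "s", "!": "i"})


def normalize_leet(pw):
    """Undo common leetspeak so D00R8377 compares equal to doorbell."""
    return pw.lower().translate(LEET)


def has_sequential_run(s, n=4):
    """True if n or more consecutive characters step by exactly +1 or -1 (abcd, 4321)."""
    for i in range(len(s) - n + 1):
        diffs = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False


def has_keyboard_path(pw, n=4):
    """True if pw contains n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    rows = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    return any(row[i:i + n] in low for row in rows for i in range(len(row) - n + 1))


def audit_password(pw, personal_info=()):
    """Return the list of checklist rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 15:
        problems.append("too short: fewer than 15 characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 2:
        problems.append("uses only one kind of character")
    norm = normalize_leet(pw)
    if any(w in norm for w in COMMON_WORDS):
        problems.append("contains a common word, even after leetspeak substitutions")
    if any(item.lower() in norm for item in personal_info):
        problems.append("contains personal information")
    if has_sequential_run(pw):
        problems.append("contains sequential characters")
    if has_keyboard_path(pw):
        problems.append("contains a keyboard path")
    return problems


if __name__ == "__main__":
    for candidate in ("D00R8377", "P@$$w0rd!!!!!!!!", "qwerty123456", "QuagmireHancockMerciDeNada"):
        print(candidate, "->", audit_password(candidate) or "passes")
```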
The revised passphrase method
This is the multiple-word passphrase method with a twist — choose bizarre and uncommon words. Use proper nouns, the names of local businesses, historical figures, any words you know in another language, etc. A hacker might guess Quagmire, but he or she would find it ridiculously challenging to guess a good password example like this:
QuagmireHancockMerciDeNada
While the words should be uncommon, try to compose a phrase that gives you a mental image. This will help you remember.
To crank it up another notch in complexity, you can add random characters in the middle of your words or between the words. Just avoid underscores between words and the common leetspeak substitutions described above.
The sentence method
This method is also described as the "Bruce Schneier Method." The idea is to think of a random sentence and transform it into a password using a rule. For example, taking the first two letters of every word in “The Old Duke is my favorite pub in South London” would give you:
ThOlDuismyfapuinSoLo
To anyone else, it’s gobbledygook, but to you it makes perfect sense. Make sure the sentence you choose is as personal and unguessable as possible.
Use multi-factor authentication
Two-factor or multi-factor authentication is a best practice that offers an additional layer of protection. Two-factor authentication usually requires you to submit your username and password along with a second factor, such as a one-time code sent to your cell phone. This may be all that is needed for some systems, but multi-factor authentication adds further layers of security, such as biometrics like facial or fingerprint recognition, to make it harder for hackers to gain access to your device and personal information.