
Despite widespread frustration with passwords from both a usability and a security standpoint, they remain the most common way of authenticating users. Humans, however, have only a limited ability to memorize complex passwords, so we often choose passwords that are easy to guess. To address this, many online services have introduced composition rules intended to increase password complexity, requiring users to build passwords from a mix of character types: digits, upper- and lower-case letters, and symbols.


However, analyses of breached password databases reveal that many of the well-known rules propagated by admins and security guidelines add little or no security, while their impact on usability and memorability is severe. The National Institute of Standards and Technology (NIST) has therefore changed its recommended rules for passwords: its current guidance (SP 800-63B) drops mandatory composition rules and periodic expiry in favour of length and screening candidates against lists of breached passwords.

I compiled a set of six rules for creating better passwords.

  1. No unimaginative passwords
    Your password should never be "123456", "qwerty" or "aaaaaaa". Passwords like these sit at the top of every cracking wordlist and fall within seconds. Names, birthdates and other facts about you are also off limits, because they are the first things an attacker who knows you will try.
  2. Long password phrases
    For a long time, a good and secure password was considered to be a meaningless jumble of upper- and lower-case letters, digits and symbols. Nowadays, passphrases are recommended instead: several words strung together that you can remember, which do not need every character to be varied, but which must not be a phrase that already appears in dictionaries or wordlists (a famous quote or song lyric is a poor choice). You can also check whether a chosen password has already appeared in a known data breach.
  3. The longer the password, the more secure
    The rule for passwords is: the longer, the more secure. Every additional character multiplies the number of guesses an attacker has to make, so length does far more for you than swapping a letter for a symbol. Your password should consist of at least eight characters; 10 or 12 are better. Particularly important accounts deserve passwords or passphrases of 20 or more characters.
  4. A different password for every account
    Many people use one and the same password for all their accounts. This is a problem: when one service is breached, attackers feed the leaked e-mail and password pairs into login forms everywhere else (so-called credential stuffing), and every account that shares the password falls with it. Therefore, use each password only once.
  5. Do not write down passwords
    Even though secure passwords are harder to remember because of their structure, you should never write your passwords down anywhere. The paper could fall into the wrong hands. Build a mnemonic instead. For example, you could memorize the sentence "How often needs Judith to play the Harp? 4 times a day!" for the password "HonJtpth?4tad!". Alternatively, there is software that helps you manage your passwords: a password manager stores all your passwords in an encrypted vault protected by a single strong master password, so only that one password has to be memorized.
  6. Use two-factor authentication wherever possible
    More and more online services offer so-called two-factor authentication. This means you can no longer log in with just your password; you also need a second factor, such as a code sent to you via SMS or generated by an authenticator app. This way, attackers cannot log into your accounts even if they know your password. Note that SMS codes are the weakest option (they can be intercepted or stolen by SIM swapping); an authenticator app is better, and a hardware security key is better still because it cannot be phished.
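The checks behind rules 1 to 4 can be automated. The following is an added example, not code from the original post: it screens a candidate against a small constructed denylist, a "looks like a date" heuristic, a minimum length, and a constructed breach corpus queried the way the Have I Been Pwned range API works (only the first five hex characters of the SHA-1 leave the client, the suffix is matched locally); it also generates a random passphrase from a constructed word list and estimates the brute-force search space. The word list, the denylist, the breached hashes and the guess rate of 10^10 per second are all assumptions for illustration.

```python
import hashlib
import math
import re
import secrets

# Constructed denylist (rule 1). A real deployment loads a large list of
# previously breached passwords, as NIST SP 800-63B recommends.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "aaaaaaa", "letmein", "111111"}

# Constructed stand-in for a breach corpus: upper-case SHA-1 hex digests of
# leaked passwords, the format Have I Been Pwned's "Pwned Passwords" uses.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("summer2019", "Password1!", "correcthorsebatterystaple")
}

# Constructed word list; a real diceware list has 7776 words.
WORDLIST = ["amber", "basil", "cobalt", "dune", "ember", "fjord", "glacier", "harbor"]


def breached_by_prefix(password: str, corpus=BREACHED_SHA1) -> bool:
    """k-anonymity lookup: send only the 5-char SHA-1 prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # With the real API, `candidates` is the server's answer for `prefix`.
    candidates = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in candidates


def check_password(password: str, min_len: int = 12) -> list:
    """Return a list of findings; an empty list means the candidate passed."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    if re.fullmatch(r"(.)\1+", password):
        problems.append("single repeated character")
    # Heuristic for rule 1: a 4-digit year or a run of 6-8 digits looks like a birthdate.
    if re.search(r"(19|20)\d{2}", password) or re.fullmatch(r"\d{6,8}", password):
        problems.append("looks like a date")
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if breached_by_prefix(password):
        problems.append("appears in a known breach")
    return problems


def search_space_bits(password: str) -> float:
    """Bits an attacker must search if they know which character classes were used (rule 3)."""
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        alphabet += 33  # printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every candidate at an assumed offline cracking rate."""
    return 2 ** bits / guesses_per_second


def generate_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Rule 2: pick words with a CSPRNG, never with random.choice()."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a random passphrase: each word contributes log2(list size)."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ("123456", "aaaaaaa", "correcthorsebatterystaple", "HonJtpth?4tad!"):
        bits = search_space_bits(candidate)
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}, "
              f"{bits:.1f} bits, {seconds_to_exhaust(bits):.3g} s to exhaust")
    print("random passphrase:", generate_passphrase(),
          f"({passphrase_bits(6, 7776):.1f} bits with a 7776-word list)")
```

The passphrase entropy figure assumes the words were chosen at random; a phrase you compose yourself is worth far fewer bits than its length suggests, which is why the breach check matters even for long inputs.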