How to choose a secure password
Authored by a Symantec employee
Strong passwords are the key to your digital life. Be sure to protect your information by utilizing the tips provided in this article.
All-in-one protection. All for one low price.
Security for your devices, your online privacy, and your identity. NortonTM 360 with LifeLockTM
Passwords are the digital keys to our networks of friends, our work colleagues, and even our banking and payment services. We want to keep our passwords private to protect our personal lives, and that includes our financial information. While some cybercriminals may want to hack into our social networking or email accounts, most want the financial gain that hacking bank accounts can bring.
The most important two passwords are those for your email and social network accounts. If someone gains access to your email account, they could use the "forgot your password?" link on other websites you use, like online shopping or banking sites. If a hacker gets into your social network, they have the ability to scam your friends by sending out links to dangerous websites or posting fraudulent messages asking for money. The bottom line is that a good password is all that may stand between you and a cybercriminal.
How is it done?
There are many ways that hackers can crack your password outside of phishing attempts and spyware. One method is by attempting to log on to your account and guessing your password based off of personal information gained from your security questions. This is why it is extremely important not to include any personal information in your passwords.
Another way that hackers can attempt to gain access to your password is via a password cracker. A password cracker uses brute force by using multiple combinations of characters repeatedly until it gains access to the account.
The shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters. The longer and more complex your password is, the less likely the attacker will use the brute force method, because of the lengthy amount of time it will take for the
program to figure it out. Instead, they’ll use a method called a dictionary attack, where the program will cycle through a predefined list of common words that are used in passwords.
How You Can Create a Secure Password
In order to avoid being a victim of these kinds of hacks, we’ve amassed a collection of Do’s and Don’ts on how to choose a secure user password*.
*A secure password is one a hacker can't easily guess or crack using software tools and one that is unique and complex.
Do use Two-Factor Authentication (2FA) whenever possible. 2FA adds another layer of security to any account you may be logging into. When using 2FA, you can choose two of three types of identification to provide:
- A password or pin number.
- A tangible item such as the last 4 digits of a credit card in your possession or a mobile device that a code can be sent to.
- A part of you such as a fingerprint or voiceprint.
Do use a combination of uppercase and lowercase letters, symbols and numbers.
Don't use commonly used passwords such as 123456, the word "password," “qwerty”, “111111”, or a word like, “monkey”.
Do make sure your user passwords are at least eight characters long. The more characters and symbols your passwords contain, the more difficult they are to guess.
Don't use a solitary word in any language. Hackers have dictionary-based systems to crack these types of passwords. If you insist on using a word, misspell it as much as possible, or insert numbers for letters. For example, if you want to use the phrase “I love chocolate” you can change it to @1L0v3CH0c0L4t3!
Don't use a derivative of your name, the name of a family member or the name of a pet. In addition to names, do not use phone numbers, addresses, birthdays or Social Security numbers.
Don’t use the same password across multiple websites. If remembering multiple passwords is an issue, you can use a password manager such as Norton Identity Safe to securely store your passwords.
Do use abbreviated phrases for passwords. You can choose a phrase such as "I want to go to England." You can convert this phrase to an abbreviation by using the first letters of each word and changing the word "to" to a number "2." This will result in the following basic password phrase: iw2g2e. Make it even more complex by adding punctuation, spaces or symbols: %iw2g2e!@
Don't write your passwords down, share them with anyone or let anyone see you log into devices or websites.
Do change your passwords regularly.
Do log out of websites and devices when you are finished using them.
Don't answer "yes" when prompted to save your password to a particular computer's browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program. Norton Security stores your passwords securely and fills them in online in encrypted form.
If all of this is too much for you, you can simplify this process by using the Norton Identity Safe Password Generator. It will allow you to customize your password by length, and gives you the choice of including letters, numbers, mixed case and punctuation.
This may seem like a long, complicated process to go through just to log into a website, however, it is not as complicated as a cybercriminal gaining access to your passwords and stealing your identity. Just remember that a bit of legwork now can protect you from extremely compromising situations in the long run.
Password challenged? Manage your passwords safely and securely online
Norton Antivirus Plus features Password Manager*, making it easy to create, store, and manage your passwords and other credentials.
Securely stores and remembers all your usernames, passwords and more so you don’t have to.
*Norton Password Manager is not exclusively available in this plan and may be available online for free.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.