Keeping your account secure is vitally important to operate safely in online spaces. Your personal information, identity, finances, conversations, and more are all guarded behind (hopefully various) passwords across all your accounts and devices. While it’s easy to get complacent or employ bad practices, lapses in judgement can significantly increase the risk of at least one of your accounts getting compromised.
It's taken for granted that longer, more complex passwords are better than shorter, simpler ones. Intuitively, this is because we imagine that a longer password is harder to guess, but in reality, it’s slightly more complex.
“Guessing” a password in a cryptographic sense means rapidly trying every possible combination of letters, numbers, and symbols. This is done with the fastest, most powerful computers available, and is by no means the most effective way to gain access to somebody’s account.
In fact, we recently wrote about a far more subtle way of obtaining account credentials in our article Social Engineering: The Silent Killer.
However, if a malicious actor is dead set on breaking into your account in the most direct possible way, then they can simply start with the minimum number of characters the service allows, and systematically work through every single possible combination, adding a character only after all the other possibilities are exhausted.
In such cases, each additional character can add days, months, even centuries to the time it takes for even the fastest computers in existence to crack the password.
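To put numbers on that growth, the sketch below counts how many guesses the length-by-length search described above needs before it reaches a given password. It is an added example, not part of the original article; the guess rate and the two alphabets are assumptions chosen for illustration.

```python
import string

# Assumption for illustration: candidates the attacker can test per second.
GUESSES_PER_SECOND = 10_000_000_000

def worst_case_guesses(length, alphabet_size, min_length):
    """Candidates tried when every length from min_length up to length is exhausted."""
    return sum(alphabet_size ** k for k in range(min_length, length + 1))

def guesses_to_reach(password, alphabet, min_length):
    """Guesses made up to and including `password` when the search tries all
    strings of min_length first, then one character more, in alphabet order."""
    n = len(alphabet)
    if len(password) < min_length or any(c not in alphabet for c in password):
        raise ValueError("password is outside the searched space")
    # Every shorter candidate is tried before any candidate of this length.
    shorter = sum(n ** k for k in range(min_length, len(password)))
    # Position among same-length candidates: read the password as a base-n number.
    index = 0
    for c in password:
        index = index * n + alphabet.index(c)
    return shorter + index + 1

def human_time(guesses, rate=GUESSES_PER_SECOND):
    """Express guesses / rate in the largest unit that fits."""
    seconds = guesses / rate
    units = (("centuries", 3_153_600_000), ("years", 31_536_000),
             ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

LOWERCASE = string.ascii_lowercase                                   # 26 symbols
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

if __name__ == "__main__":
    # Constructed scenario: a site whose minimum password length is 8.
    for length in (8, 10, 12, 14):
        for name, alphabet in (("lowercase only", LOWERCASE), ("all symbols", PRINTABLE)):
            total = worst_case_guesses(length, len(alphabet), 8)
            print(f"{length:>2} chars, {name:<14}: {human_time(total)}")
```

Both a longer password and a larger character set increase the count, but length sits in the exponent, which is why each extra character multiplies the work by the size of the alphabet.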
Today, websites are typically pretty transparent about displaying password strength, and many people even develop a natural sense for it. As a general rule of thumb, the more stuff you add to your password, the better.
Here are some things to keep in mind when trying to create a strong password, many of which will be a requirement on some sites.
Ultimately, the most important thing you can do to keep any of your accounts safe is to enable two-factor authentication. Even if a hacker has your password, they can’t access your account if they don’t also have your phone number or email address. It can be tedious, but the reward from locking down all your accounts by tying them to your phone is enormous.
We’ll discuss two-factor authentication, what it means precisely, and the different forms it takes in a future article, but for now, go check your account settings in whatever social media app you may be interested in, and enable it by following the instructions.