Why Strong Passwords Matter – Passwords play a huge role in keeping our digital lives safe. They protect our accounts, our devices, and the personal information we don’t want anyone else to see. Even though they’re often the only thing shielding us from someone trying to access our data, many people still pick weak or predictable passwords without thinking twice.
Best Practices
Use unique passwords for every service
Picture this: you use the same email and password for several websites. If one of those sites is hacked or run by someone untrustworthy, your login details could be exposed. From there, a bad actor can try that same email and password on other services until one works. Even the strongest password won’t help if it’s reused everywhere.
This type of attack is known as credential stuffing, and it’s extremely common. The safest approach is simple – never reuse passwords.
Use randomly generated passwords
It’s surprisingly hard to come up with strong passwords on your own. That’s why it’s best to rely on randomly generated passwords or diceware passphrases that offer plenty of entropy. Every recommended password manager includes a built-in password generator, so it’s easy to create secure logins without guessing.
Rotating passwords
You don’t need to change passwords you have to remember, such as your master password, unless you think they’ve been compromised. Changing them too often can increase the chances of forgetting them.
For passwords you don’t have to memorize, like those stored inside your password manager, you may want to rotate them every few months if your threat model requires it. This is especially useful for accounts without multifactor authentication. Many password managers let you set expiration dates to make this easier.
Creating Strong Passwords
Passwords
Online services often set rules for passwords, such as required characters or length limits. To get the most secure result, use your password manager’s generator and create a password that’s as long and complex as the site allows. Mix uppercase and lowercase letters, numbers, and special characters.
If you need something you can remember, a diceware passphrase is a great alternative.
Diceware Passphrases
Diceware is a method for creating passphrases that are easy to recall but hard for others to guess. They work especially well for things like your master password or your device’s encryption password.
Here’s an example of a diceware passphrase: viewable fastness reluctant squishy seventeen shown pencil.
To create your own using real dice, follow these steps:
-
Roll a six-sided die five times and write down each number.
-
For example, a roll of 2-5-2-6-6 matches the word encrypt in the EFF large word list.
-
Write down the word you find.
-
Repeat until you have the number of words you need, separated by spaces.
If you don’t want to use real dice, your password manager can generate diceware passphrases for you. Set the length to at least six words for strong security. The EFF’s large word list is recommended because it’s easy to memorize while offering the same security as the original version. Lists are available in different languages if you prefer not to use English.
In short, diceware passphrases are one of the best options when you need something that’s both strong and memorable.
Storing Passwords
Password managers
The safest way to store your passwords is with a password manager. It keeps everything in one secure place, protected by a single master password. That means you only have to remember one strong passphrase, and the manager handles the rest.
There are many good password managers out there, both cloud-based and local. Choose one you trust and use it to create strong passwords for all your accounts. For maximum security, protect your manager with a diceware passphrase of at least seven words.
Backups
It’s also smart to keep an encrypted backup of your passwords on multiple storage devices or in cloud storage. If something happens to your main device or service provider, you’ll still be able to access your logins when you need them.
