Create A Strong Password
Most of the time when someone thinks of a strong password, they think of 32 random characters consisting of numbers, uppercase letters, lowercase letters, and symbols. While this can result in a strong password, it's not recommended. Why? Because 2cESVgM4!H5fr2qZmzzXk^4lL9Vw&QJ# is nearly impossible to remember.
The better way to create a strong password is by creating what is called a passphrase. It's technically still a password, but instead of creating a random line of gibberish, you create a seemingly nonsensical phrase that actually makes sense to you and is easily memorable. For example, Trash alley arch 21st. While it looks like a bunch of random words, it's actually easy for me to remember. All I have to do is think of the trash dumpster in the alley behind the McDonald's on 21st Street.
Not only is a passphrase easier to remember, but it's also very secure. "How?" you ask. Because computers are really good at guessing predictable passwords. If you are like most people, you already use a very insecure password that looks nothing like our first example. It may be your dog's name, the year you were born, etc. A program designed to crack passwords first tries a huge word bank of popular passwords, which has about a 1/3 chance of breaking your password. It then modifies the list with common changes, and finally starts trying passwords in alphabetical and numerical order until it cracks it (a, b, c ... aa, ab, and so on). However, when you create a passphrase with words that don't typically go together, the computer has an extremely hard time trying to predict what your password is. When was the last time you heard someone say "alley arch" anyway? A good passphrase typically takes a computer centuries to crack!
If you're having some difficulty coming up with a passphrase on your own or want some more information on them, we recommend checking out https://www.useapassphrase.com/
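The guessing order described above (popular-password word bank, then common changes, then trying every combination) can be turned into a simple self-check. The Python sketch below is an added example, not part of the original article; the word bank is a tiny constructed sample, and the guess rate and function names are assumptions.

```python
import math
import string

# Constructed stand-in for a cracker's "popular passwords" word bank.
COMMON = {"password", "123456", "qwerty", "letmein", "dragon", "buddy"}
# Reverses typical character swaps (e.g. @ -> a, 0 -> o) before the lookup.
LEET = str.maketrans("@4301$5!7", "aaeoissit")
GUESSES_PER_SEC = 1e10  # assumed attacker speed, not a figure from the article
SECONDS_PER_YEAR = 365 * 24 * 3600


def undo_common_changes(pw):
    """Strip the usual tweaks: capitals, trailing digits/symbols, swaps."""
    base = pw.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET)


def charset_size(pw):
    """Alphabet size a character-by-character search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(not (c.isascii() and c.isalnum()) for c in pw):
        size += 33  # ASCII punctuation plus space
    return max(size, 1)


def audit(pw):
    """Return (stage, years): the stage at which the password would fall."""
    if pw.lower() in COMMON:
        return "wordlist", 0.0
    if undo_common_changes(pw) in COMMON:
        return "modified wordlist", 0.0
    # Upper bound: assumes the attacker must try every character combination.
    log10_years = (len(pw) * math.log10(charset_size(pw))
                   - math.log10(GUESSES_PER_SEC * SECONDS_PER_YEAR))
    years = 10 ** log10_years if log10_years < 300 else math.inf
    return "brute force", years


if __name__ == "__main__":
    for sample in ["qwerty", "Buddy1987", "P@ssw0rd2024!", "xk9q",
                   "Trash alley arch 21st"]:
        stage, years = audit(sample)
        print(f"{sample!r}: falls to {stage}, about {years:.3g} years")
```

The brute-force figure is an upper bound: it only holds while the words in a passphrase are not ones an attacker would think to pair together.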
Create Unique Passwords
You may already know this, but try to use a unique password for every account you have. If you're not able to do it for every site, at least do it for the most important accounts (banks, email, etc.). The reason for this is so that if one account gets hacked, the attacker doesn't have access to all of your other accounts. This is especially important for your email account, as most online accounts will send your user name and password to that account if requested.
Don't Update Your Passwords
You may think that updating your password regularly (e.g. every 90 days) is more secure, but that's generally not true. The reason for this is that constantly changing passwords typically results in us using weaker and more predictable passwords.
Generally, the only times you will want to change your password are if a site or business you have an account with has recently had a data breach, if you've been hacked, or if you were sharing an account with someone that you no longer wish to have access to your account (e.g. not wanting your ex to access your Netflix account). If you're not sure if your account has been hacked, but see suspicious activity, change it to be on the safe side.
Use A Password Manager
Even though you've now created some memorable passphrases and don't have to worry about changing passwords all the time, it's probably still a lot to remember. That's where password managers come in. Password managers are designed to store all of your passwords securely. First you create a super secure password for your account and then you add all of your other passwords to it. You can then access them at any time and most password managers also have an autofill feature so it can fill in the password automatically when you're on a site you have an account for.
Now, you may be thinking "Wait, why should I have unique passwords if someone can just get access to this account and get all of them?!" The reason for a password manager is so that it makes it easier for you to access your accounts. While it would technically be more secure to not use a password manager and just to remember 100+ unique passphrases for all your accounts, it's not really practical. Also, unlike every website you visit, password managers are generally designed with a high level of security and encrypt your data so not even they know what your password is.
While we do not currently officially endorse any single password manager, some of the more popular ones include LastPass, Dashlane, and 1Password.
Don't Save Your Password In The Browser
Many browsers today, including Chrome and Firefox, have the ability to save your password. While this is very convenient, it is not secure! Should someone get access to your computer (physically or remotely), they can easily see every password you've ever stored in it. Best to skip this feature and stick with a dedicated password manager. Besides, most password managers also have a browser extension that offers many, if not all, of the same features with the extra benefit of actually being secure.
Use MFA When Possible
Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA), is a feature that requires you to enter something you know (e.g. your password) and something you have access to (e.g. your phone). This is a great feature and we strongly recommend enabling it wherever possible. The reason for this is that if someone cracks your password and tries to get into your account, they still would not be able to access it because they cannot provide the verification code sent to your phone.
Not all sites (including ours) currently support MFA, but a fair number do. You can find a list of most sites that support this feature at https://twofactorauth.org/