Which of these passwords is stronger? 123456 or photosynthesis?
Trick question. Neither password is strong. Simple numerical strings and words found in the dictionary, even ones you don’t normally use in day-to-day conversation, are easily guessed by cyber criminals, who often use sophisticated programs that include trying every word in the dictionary as they attempt to penetrate accounts. Always use a more complex combination of letters, numbers and symbols.
How many characters are enough?
Generally, the longer the password, the harder it is to crack, since the number of possibilities increases substantially with each new character added. If you know that a password consists of a single lowercase letter, it would take no more than 26 attempts to hit on the correct one. Any string of letters that form a single word is also relatively easy to hack — a nine-character all-lowercase English word could be guessed in about a million tries. But a 15-character password of lowercase letters (without any numbers or special characters) that do not form a single word has millions of trillions of possibilities.1
True or false? You should never use your birthday for your password.
Using any sort of personal information (birthday, middle name, numbers in your address — even an old one) is unwise, since cyber criminals might already have access to that information through social media or other means. But if you make it part of a longer, more complex password, that can be more secure.
Should you use your favorite sports team, band or movie character as a password?
It’s not really a good idea. Here’s why: While it’s easy to remember those sorts of things, there’s a good chance you’ve written about them on social media (or even listed them as favorites on some sites). One alternative is to consider picking a favorite phrase you’ll find easy to remember and using the first letter of each word in the phrase as your password.
Can I use the same password for multiple accounts?
If one account is accessed, you risk having your others compromised as well. It’s essential to have a different password for each account you create. At a minimum, you should always use unique passwords for your banking and investment accounts. And keep in mind that two is better than one: Use multifactor authentication — which requires two or more types of verification — whenever possible.