GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

By Rob Gabriele

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts?

Related: Training human sensors

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Guarding our digital lives (and real-world identities) with just a few keystrokes seems a tactic too simple to ignore, and if users are careful and stick with best practices, these simple measures can be remarkably effective.

Proper password hygiene doesn’t require a degree in rocket science. Follow these four easy tips, and you’ll sleep better and safer at night.

1) Create sufficiently-complex passwords. This may seem obvious, but most users have poor password habits because it’s far simpler to remember your pet’s name and birthday than a combination of random numbers and letters. But simpler passwords are much easier to hack. Anything quickly conceived can be deciphered with the same speed, so forget your old tricks and stick to these ground rules instead:

•Longer is better. The National Institute of Standards and Technology’s (NIST) latest guidelines stress that a password’s length is its most critical component. Make sure your code has at least eight characters, but it’s best to pick a dozen or more.

•Don’t use words or names. Words and phrases are easier to remember but highly susceptible to cracking. Hackers can run through entire dictionaries in seconds, making this approach similar to hiding a key under the doormat.

•No personal information. Keep information like your birthday, high school graduation year, or address out of your passwords. Assume that this type of personal data is easily discoverable online.

Selecting twelve random characters that don’t form any words and lack any personal connection isn’t much fun, but it is very safe. If you’re unsure about a passcode’s integrity, you can always check it with a password strength tool before using it.

2) NEVER reuse a password. Reusing passwords turns a single cracked code into a master key to every part of your life. After breaking a password, cybercriminals don’t only access that single account. They sell the credential on the dark web to others who will try every door they can find.

You may not worry about a hacker using your Netflix login to catch up on Squid Game, but if that same password permits the thief access to your PayPal account, the stakes are suddenly much higher. Silo your risk by generating a unique password for each of your online accounts.

3) Activate 2FA on all accounts. Two-factor authentication may seem technically complicated, but “2FA” is a security measure you already know. Anytime a website sends you an SMS code or asks a personal security question, that’s a form of 2FA.

By requiring additional verification in response to suspicious activity, online accounts double-check your identity while barring hackers who possess only your password. It’s like needing a code to disarm an alarm after unlocking a door.

The problem is that too many of us skip this security step when it’s optional (most financial institutions require 2FA – and for good reason). Take a few minutes to activate 2FA on all of your accounts, as it could save you a lot of time, headaches, and even money.

4) Use a password manager. Since memorable passwords are difficult to crack, the opposite is equally true: Safe passwords are hard to recall. Of course, storing them unsafely undermines security, so a post-it-covered desk isn’t an optimal solution. Instead, password managers (also called password vaults) are ideal for complying with cybersecurity protocols.


In addition to storing your passwords, most password managers will generate secure codes and even fill them in to save you from constantly retyping long strings of characters. They also track public breaches to let you know when credentials have been compromised and need to be changed.

By automating best practices, password managers make it painless to maintain unique complex logins for every account. Several affordable management options are available online and most browsers now include a free basic version (but never use these on a shared device).

At the enterprise level, security protocols constantly evolve in response to new cyberthreats, but when it comes to personal password protection, consistently practicing these simple habits will keep your identity safe and secure online. Or as they say, an ounce of prevention is worth a pound of cure.

About the essayist: Rob Gabriele is managing editor for Formerly a producer for the USAToday network, Rob holds a Master of Science with an emphasis on writing from the University of Montana. He has over 10 years of professional writing experience and he currently lives in the Reno/Tahoe area of Nevada.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone