|
| Creating a strong password is less about complexity and more about length and unpredictability. Crowe Crowe +1 1. Prioritize Length Over Complexity Modern security standards, including those from the National Institute of Standards and Technology (NIST), emphasize that longer is always better. Minimum Length: Aim for at least 15–16 characters. Cracking Time: An 8-character password can be cracked in minutes, while a 16-character password can take a billion years to guess using current technology.1. Prioritize Length Over Complexity Modern security standards, including those from the National Institute of Standards and Technology (NIST), emphasize that longer is always better. Minimum Length: Aim for at least 15–16 characters. Cracking Time: An 8-character password can be cracked in minutes, while a 16-character password can take a billion years to guess using current technology. National Cybersecurity Alliance National Cybersecurity Alliance +2 2. Use a "Passphrase" Instead of a Password A passphrase is a sequence of several random, unrelated words. It is easier for humans to remember but incredibly difficult for computers to crack. McAfee McAfee +4 Pick Random Words: Choose 4–7 words that have no connection to each other (e.g., Horse-Purple-Hat-Run-Bay). Avoid Predictability: Do not use famous quotes, song lyrics, or common phrases like "HomeIsWhereTheHeartIs," as these are easily guessed by automated tools. Add "Natural" Complexity: Use spaces (if the site allows), capitals, or symbols in ways that feel natural to you, like I like cats, dogs, & fish.. CISA (.gov) CISA (.gov) +2 3. Avoid Personal Information Hackers often use "social engineering" to find details about you online to guess your passwords. Never include: DOT Security DOT Security +1 Names of family members, pets, or your spouse. Birthdays, anniversaries, or your home address. Your username or the name of the service (e.g., don't use "Facebook" in your Facebook password) |