Skip to main content

Are Your Passwords (Really) Unhackable?


 

May 3, 2023

Identity theft. Data breaches. Cybercrime.

Headline fodder for the 24-hour news channels? Sure. But these news headlines also represent very real concerns for anyone who socializes or shops online. Are your passwords among the easiest for hackers to crack? Millions use 12345, qwerty, abc123, 11111, and other simple, memorable passwords, making easy work for cybercriminals.

You can – and should – use Multi-Factor Authentication (MFA) to strengthen account security wherever it’s supported. MFA requires two factors to confirm your identity when you sign in to your account. However, since one of those factors is typically your password, you’ll want it to be as strong and unhackable as possible. 

Since May 4th is World Password Day, we asked ID.me Chief Information Security Officer Damon Becknel to share guidelines to help you create strong, unique passwords, not only for your ID.me account but for all your digital accounts.

Create strong passwords

As technology changes, hackers continuously evolve their strategies to gain access to your accounts. To stay ahead of cybercriminals (or at least keep up), your passwords need to be strong enough to act as the first line of defense.

A few years ago, short passwords with random letters and symbols were considered a best practice. Today, the Identity Theft Resource Center (ITRC) recommends unique 12+ character passphrases for all accounts. In fact, according to Hive Systems, hackers will need three years to figure out your password if they contain:

  • At least 12 characters
  • Numbers
  • Upper and lowercase letters
  • Symbols
Are your passwords really as strong as you think they are?
Graphic courtesy of Hive Systems

Creating strong passwords is one step. But another vital step is to ensure those passwords aren’t reused for multiple accounts. If you use the same password on multiple websites and a hacker gains access to one, they can quickly try the same password on other accounts. Reusing passwords makes easy work for hackers.  Even slight changes to passwords will considerably lower the attackers’ chance of success.

It’s also essential to avoid using information that can be easily found on social media profiles in passwords. This includes things like dates of birth, spouse’s names, pet’s names, etc. Hackers can easily find this information and use it to crack your passwords. Using a combination of random words and phrases is a better idea.

Beat hackers with passphrases

To add even more complexity—use a passphrase instead of a password. A passphrase is a longer sentence, or phrase, that can generally include spaces (check application guidelines). Because of their length (the FBI recommends you use as many characters as the system will allow) and because they’re generally much more memorable, passphrases are much more secure than regular passwords. 

Pro Tip

Try a password manager! These software applications help you manage, create, store, and secure your passwords, usually with just a single sign-on to remember. ID.me members can save on these popular password managers.  Check it out!

Build a strong digital defense

ID.me is committed to enabling all people to have a secure digital identity. We do our part by ensuring your data is safe and that your verified identity is securely used to access partner sites and services. 

Protect your sensitive information from cybercriminals by taking the time to ensure the passwords on your accounts are strong and unique. Using a combination of upper and lower-case letters, numbers, and symbols, and easy-to-remember passphrases, never reusing passwords across multiple accounts, and avoiding using easily obtainable information in passwords are all essential steps in creating strong passwords.

Consider changing your passwords annually, even if not required, as part of your Spring Cleaning routine.  A little effort in creating a strong password today can save you from a massive headache and financial loss in the future.