While logging in using a fingerprint or face scan is becoming more common, passwords are still essential for many of the apps and services we use every day. And from shopping to banking, social media to messaging, podcasts to cloud storage, there are a lot of accounts and passwords to keep track of.
Your passwords are all that’s standing between bad actors and your precious data, and of course you don’t want anyone and everyone wandering into your online spaces. With that in mind, it’s crucial that your passwords are hacker-proof, and we’ve rounded up some ways to put that to the test.
What makes a strong password?
The old adage about passwords is that they should be impossible to guess and very difficult to forget. You’ve no doubt seen those scenes in movies where someone’s password is being guessed at, with significant dates, names, phrases, and pets all usually tried. Striking a balance between unguessable and unforgettable isn’t always easy, though.
Longer passwords are better, as are passwords that include special characters (like question marks) and numbers—this all makes brute force attacks, where lots of different combinations are tried in quick succession, far less likely to succeed. Avoid well-known words and phrases, as well as names (of people, brands, or companies).
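An added example (not part of the original article) of why length and extra character types slow a brute-force attack: it counts the combinations an exhaustive search has to cover and flags well-known words. The word list, the rate of 10 billion guesses per second, and all function names are assumptions chosen for illustration.

```python
import math
import string

# Character classes a brute-force search has to cover once a password uses them.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

# Constructed sample of well-known words; real checkers use far larger lists.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "monkey"}

def pool_size(password):
    """Number of candidate characters per position, from the classes in use."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of combinations an exhaustive search must cover."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def contains_common_word(password):
    """True if the letters of the password contain a well-known word."""
    letters = "".join(c for c in password.lower() if c.isalpha())
    return any(word in letters for word in COMMON_WORDS)

def worst_case_years(password, guesses_per_second=1e10):
    """Years to try every combination at an assumed guessing rate."""
    seconds = 2 ** search_space_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["monkey", "Monkey1!", "tr4vel?map", "q7#Lw!2vRx9@Kd"]:
        note = "contains a common word" if contains_common_word(pw) else ""
        print(f"{pw:16} pool={pool_size(pw):2} "
              f"bits={search_space_bits(pw):5.1f} "
              f"years={worst_case_years(pw):.2e} {note}")
```

The figures are an upper bound on attacker effort: a password built around a common word falls to a dictionary attack long before the full search space is covered, which is why the word check is reported separately.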
Reusing passwords makes digital life more convenient, but it’s something you should never do: It makes the lives of hackers easier, and if one of these accounts gets compromised, then all the others with the same password can quickly follow. It may be more time consuming, but you should always create individual and strong passwords for all of your accounts.
So how do you keep track of all these complex, unique passwords? A password manager is the recommended option, or you can use the tools built into your web browser. Writing down passwords is okay as well, as long as these notes are hidden somewhere safe and secure, and not (for example) stuck on sticky notes right by your laptop. If you do need to write them down, consider writing hints rather than the passwords themselves.
How to check your passwords
Plenty of apps and websites are available to check the strength of your passwords for you: You might even see an indicator that goes from red to orange to green when you’re typing out a password for a new account. When you do sign up for something new, you may get guidelines you have to follow—like including a special character, for instance.
We do like the checker that password manager NordPass has put online. Type in one of your passwords (the password won’t be saved), and you’ll be told how strong or weak it is, as well as the reasons why. You’ll also see an estimate of how long the password might take to crack, as well as an alert if your password has appeared in a data breach. Similar tools are available from Bitwarden and Security.org, if you want to compare results.
Google has an online password checker too, but it scans the passwords you’ve saved to your Google account through Chrome and Android—you can’t just test any password with it. It’ll also warn you about passwords you’ve reused when you shouldn’t have, and passwords included in data breach leaks as well.
If you’re using iCloud to store your passwords on Apple devices, you can check up on the security of your passwords through an iPhone, iPad, or Mac. On the iPhone, for example, head to Settings, then open up Passwords and tap Security Recommendations at the top. As with Google’s tool, you’ll be warned about weak, reused, and leaked passwords.
Those of you making use of a password manager should find something similar in your software too. The popular 1Password, for example, has a feature called Watchtower: It’ll warn you if your passwords aren’t strong enough, are linked to compromised websites, or have been used several times.
Every password manager—including those offered by Google, Apple, and 1Password—should be able to generate random, strong passwords on your behalf. These passwords will be very hard to crack, and because you’re using an app to remember them all for you, you don’t have to worry about forgetting what they are.
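The weak and reused password warnings and the random generation described above can be sketched as follows. This is an added example, not code from Google, Apple, 1Password, or the original article; the 12-character threshold, the symbol set, the sample vault, and the function names are assumptions.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # assumed threshold for "weak"; set your own policy
ALPHABETS = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, "!?#$%&*-_+="]

def generate_password(length=20):
    """Random password with at least one character from each alphabet."""
    if length < len(ALPHABETS):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(alpha) for alpha in ALPHABETS]
    everything = "".join(ALPHABETS)
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not up front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def audit(vault):
    """Return {account: [findings]} for weak or reused passwords."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    findings = defaultdict(list)
    for password, accounts in by_password.items():
        if len(password) < MIN_LENGTH:
            for account in accounts:
                findings[account].append("weak: shorter than %d" % MIN_LENGTH)
        if len(accounts) > 1:
            for account in accounts:
                others = sorted(a for a in accounts if a != account)
                findings[account].append("reused with " + ", ".join(others))
    return dict(findings)

# Constructed sample vault (account -> password), not real credentials.
SAMPLE_VAULT = {
    "shop.example": "sunshine22",
    "bank.example": "sunshine22",
    "mail.example": "V9?kd2_Lq#x8TzR4",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(account, issues, "-> replace with", generate_password())
```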
How to protect your passwords
Your passwords need to be kept safe, and as we’ve already mentioned, employing the services of a password manager is a great start. Using one of these tools doesn’t mean you can get complacent—you have to make sure no one else has access to your password manager, which would then give them access to all your login credentials.
That usually means locking access to the devices where your password managers are running, so your computer and your smartphone should both be well protected with their own PINs and passwords (or biometric authentication, which is even better). Make sure these devices are never left unattended, and always locked when not in use.
As well as your passwords being guessed and brute forced, you also need to think about another popular scam: social engineering. This is where you’ll be tricked into typing your login credentials into a fake website, or giving them over to someone in a telephone call or a direct message conversation.
First of all, never tell anyone your passwords, in any situation—if someone is asking, they’re not legit. As for avoiding fraudulent websites, keep your browser software up to date (these browsers are trained to spot suspicious websites), and avoid following links in your inbox unless you’re sure they can be trusted—if you’ve just requested a password reset, for example.