“Password123” may be easy to remember, but it’s a disaster when it comes to security. Hackers like to go for the low-hanging fruit and try the obvious options first.
And despite years of warnings from security experts, “password,” or a slightly modified version of it, remains one of the most common passwords out there.
Ideally, a password should be composed of a long string of characters. The more characters, the harder the password will be to break. Think of at least a dozen. Try stringing them together using an easy-to-remember phrase: Thequickbrownfoxjumpsoverthelazydog. (Though it’s better to choose a phrase only you know.)
One common mistake many consumers make is using easy-to-guess words, says Tonia Dudley, strategic adviser at Cofense, which specializes in anti-phishing technology. While apps and sites are getting better at stopping people from using the passwords most frequently uncovered in data breaches, she says people still find ways to use variations of them.
And that warning now goes for your username, too. Many apps and websites no longer require you to use your email address. Picking something different makes things harder for attackers, she says.
On the flip side, experts now say that you don’t need to change your passwords on a regular basis. You’re more likely to set a good long password if you know you’re going to use it for a while.
Needless to say, if it’s exposed in a data breach, you still need to change it immediately.
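The point above about people slipping variations of breached passwords past site filters is easier to see in code. This is an added example, not from the article or from Cofense: a signup-side check that reduces a candidate to its base word before comparing it with a blocklist. The blocklist entries, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real service would load a breached-password corpus.
BLOCKLIST = {"password", "qwerty", "letmein", "welcome", "iloveyou", "123456"}
MIN_LENGTH = 12  # "at least a dozen" characters, as the article suggests

# Common look-alike substitutions used to disguise a blocked word (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(password):
    """Reduce a password to the base word a guesser would try first."""
    p = password.lower()
    # Strip digits and symbols tacked on to the front or back ("Password123").
    p = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", p)
    # Undo look-alike substitutions inside the word ("p@ssw0rd").
    p = p.translate(LEET)
    # Drop anything left that is not a letter.
    return re.sub(r"[^a-z]", "", p)

def is_blocked(base):
    """True if base is a blocklisted word, or that word repeated to add length."""
    for word in BLOCKLIST:
        count, remainder = divmod(len(base), len(word))
        if count >= 1 and remainder == 0 and word * count == base:
            return True
    return False

def check_password(password):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in BLOCKLIST or is_blocked(normalize(password)):
        problems.append("variation of a common password")
    return problems

if __name__ == "__main__":
    # Constructed candidates: three disguised common passwords and one passphrase.
    for candidate in ("Password123", "P@ssw0rd!", "P@ssw0rdP@ssw0rd",
                      "mygrandmakeepsbeesinoslo"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Note that the third candidate passes a length-only rule at 16 characters and is still caught, because repeating a blocked word adds length without adding guessing difficulty.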