When it comes to choosing strong passwords, the advice has always been to make them long, make them random, and change them often.
This is definitely good advice, but it’s not realistic to expect someone to remember dozens of sophisticated passwords at once.
This is why at SPYSCAPE we recommend services like LastPass, which randomly generates extremely strong passwords for you and stores them securely in a 'vault' on your computer, which can be synced across devices via the cloud. From this vault, you can manage all of your online accounts, and you will only need to remember one master password for the entire collection.
This is a very clever way of securing your online life, but remember that a strong password - even the strongest - is not all about algorithmic complexity. Some of it overlaps with psychology. For example, if a database of 1 million customer records is stolen - yours included - and your password is within, say, the most secure 30% of passwords in that database, many hackers will simply not even bother with you. They’ll think “great, we’ve cracked a few hundred thousand passwords, but these others will take weeks, months, even years to crack, so we’ll just sell them on some dark web forum for a cheap price and harvest additional data from the rest”. By the time your password is cracked (if ever), it will be useless to an adversary. In fact, if all 1 million users had automatically generated their passwords, in all likelihood none of them could be cracked.
This highlights another important issue when it comes to protecting your data: you can’t fully trust any website’s security. Limiting what types of data you give to various services is just as important as having a strong password. Do not give your mobile number if you can avoid it. Ideally, never give a correct date of birth. Never use your first pet’s actual name as a security answer to “what was your first pet’s name.”
A good practice is to create a simple alter ego for your non-essential services. Give this persona a different name, date of birth, and email address. Segment this personality from your most sensitive online activities. Easy!
Hackers today have a variety of access points and a daunting array of tools to find the password to your password. Using these steps, you can fight back. Just remember, the most important protective tool you have online is mindfulness.