Forgot your password? That's because common password advice is bad, experts say

Joel Shannon, USA TODAY

November 3, 2019 at 8:20 PM

It's hard even for you to remember your password, so you must have a good one – right?

That way of thinking traces its roots to the early 2000s, in now-revoked guidance suggesting secure passwords should feature lots of random characters. But today's cybersecurity experts offer different, more user-friendly advice.

The shift was widely covered in 2017, when a man often called the "father of passwords" said he regretted his earlier recommendations, which previously suggested secure passwords should be complex – filled with variations of letters, numbers and special characters.

Instead, Bill Burr – a former National Institute of Standards and Technology manager – began to recommend using easy-to-remember phrases as passwords, rather than ones filled with "lots of funny characters," CBS reported in August 2017.

Password news: Google will warn you when your passwords are too simple to guess and used too often

The previous guidance came from a different era of computing, cybersecurity expert Curtis Dukes told USA TODAY. People had fewer passwords to remember back then. Hackers with relatively little computing power could be legitimately stymied by a random password. And there weren't many other ways to protect yourself other than having a hacker-proof password.

But over time, the advice led many people to believe that adding confusing characters to the end of a password or transposing letters with similar-looking characters ("pa$$word") would give them an added layer of cybersecurity, according to Dukes, an executive with the nonprofit Center for Internet Security Inc.

But in reality, that's not making you any less vulnerable. It's likely just unnecessarily frustrating you.

What makes a good password? Not having just one

You likely have dozens of online accounts protected by passwords. You should also have dozens of passwords – they just don't have to be difficult to remember.

Repeating passwords is a huge security risk, Dukes said. It means that if one password is compromised in a data breach, you will have multiple accounts exposed to hackers.

The solution: Think of phrases instead of words when setting your passwords.

Sharing your streaming password?: This is how much it's costing Netflix, Amazon and Hulu

You might not be able to remember dozens of passwords that look like "n4^G*E7fg?c=eW~P" (which is an actual password suggested by an online generator). But you have a real shot at remembering, say, dozens of lines from your favorite comedy.

Added bonus: Those phrases are likely pretty long, which is a big part of having a secure password.

That simple switch will make it far easier for you to remember multiple unique, strong passwords, Dukes said.

Passwords are just the first step: Turn on two-step verification

When you're going through all your accounts to update your passwords, opt to turn on two-step verification from any service that offers it, Dukes recommends.

You'll have to confirm your identity before accessing your accounts when two-step verification is activated. It's often done by texting confirmation codes to your phone, essentially meaning a hacker would need access to both your password and your phone before they could access your account.

More tips: How to create passwords that are easy to remember

And while it's possible to hack two-step verification, it's such a challenge that many would-be identity thieves will simply move on to an easier target, Dukes said.

How do you remember all your passwords? Really, you don't have to

While physically writing passwords down is still a bad idea, digital password managers are generally a secure way to keep track of the dozens of passwords you should have.

Pick one with good reviews, and use it to enable you to stop repeating and recycling passwords, Dukes recommends.

Password security: Stop doing these things

Even if you don't do all the above tips, you should certainly stop doing these bad habits, according to Dukes:

Using default passwords
Using the same password for multiple accounts
Forming multiple "unique" passwords that only vary by a few characters
Using personal information such as family names, birthdays, addresses, etc. in passwords

This article originally appeared on USA TODAY: Forgot your password? Common password advice is bad, experts say

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Nuggets star Nikola Jokić wins third NBA MVP in four seasons, placing him alongside all-time greats
Nikola Jokić joins a short list of the game's all-time greats after securing his third MVP.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
TechCrunch
Nintendo finally confirms the Switch 2 is on the way
In the most anticlimactic way possible, Nintendo on Tuesday confirmed years of rumors: The Nintendo Switch 2 console is on the way. "We will make an announcement about the successor to Nintendo Switch within this fiscal year," wrote Shuntaro Furukawa, the president of Nintendo, on X. Rather, Furukawa wanted to warn users not to expect the actual announcement in next month's Nintendo Direct livestream.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Yahoo Sports
2024 NFL Team Fantasy Football Power Rankings, 1.0
With NFL rosters pretty much set before training camp, Scott Pianowski reveals his first set of team fantasy power rankings for the 2024 season.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension
Murray tossed a heat pad onto the court during gameplay vs. the Timberwolves.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert
The Timberwolves' rising superstar led Minnesota to a Game 1 victory over Denver, then reminded the world that he's 22, not 23 ... yet.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Forgot your password? That's because common password advice is bad, experts say

What makes a good password? Not having just one

Passwords are just the first step: Turn on two-step verification

How do you remember all your passwords? Really, you don't have to

Password security: Stop doing these things

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Nuggets star Nikola Jokić wins third NBA MVP in four seasons, placing him alongside all-time greats

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

These 3 stocks are poised to benefit from the massive energy transition

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Nintendo finally confirms the Switch 2 is on the way

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

2024 NFL Team Fantasy Football Power Rankings, 1.0

Social Security just passed Medicare as the government's most pressing insolvency risk

NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

The best budgeting apps for 2024

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert