You Need a Password Manager

February 25, 2021

If you were to ask someone what the number one factor for a strong, unhackable password is, what do you think they would say? They might suggest adding a special character, sprinkling in some capital and lowercase letters, or replacing some letters with numbers. Sadly, none of these "strong" password tips are actually the strongest factors. In this article, I will reveal three of the most important things to do to secure your digital life.

Tip 1: Password Complexity

According to a study done by Mark Burnett, users tend to use the same methods to satisfy password strength requirements. For example, if a user needs a number, they will use a 1. If they need a special character, they will use a !. We have all been there before: your favorite password is icecream, but now you need a number. OK, just use 1cecream. Now you need a special character? 1cecream!. This may seem more secure than the original, but it isn't.

The strongest password is one that cannot be easily guessed by a hacker. Hackers know all of the tricks that you use: replacing an "a" with an "@", using a "0" instead of an "o", or just adding an ! to the end of your password.

These patterns are easy to remember, but also easy to guess. The number one thing you can do to improve your password security and decrease the chances of getting hacked is to use a unique, random password every single time. You need to start using completely random passwords that are computer-generated. Something like "qKmVFVvjE2Fwa#n^dgN7eph5EN%Ki!". Ugly, right? That's a good thing because it means it can't be guessed easily. This is basically as good as it gets for password security, and it will definitely check all of the password security boxes.
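An added example (not from the original article or from Bitwarden) showing both halves of this tip in Python: a check that undoes the common tricks to reveal the dictionary word underneath, and a generator that draws a 30-character password from the operating system's secure random source. The word list, the symbol set, and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list; a real check would use a large dictionary.
COMMON_WORDS = {"icecream", "password", "dragon", "sunshine"}

# The swaps named in the article, plus two other common ones (assumed).
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s"})

SYMBOLS = "!@#$%^&*"  # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def is_predictable(password: str) -> bool:
    """True if the password is a common word hidden behind the usual tricks."""
    # Drop digits and symbols tacked onto the end, e.g. "icecream1!".
    core = password.rstrip(string.digits + string.punctuation)
    # Undo letter-for-symbol swaps and ignore capitalization.
    return core.lower().translate(UNLEET) in COMMON_WORDS


def generate_password(length: int = 30) -> str:
    """Random password from the OS CSPRNG with every character class present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry in the rare case a class is missing, so site rules are met.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("icecream", "1cecream", "1cecream!", generate_password()):
        print(f"{candidate!r}: predictable={is_predictable(candidate)}")
    print(f"30 random characters: about {entropy_bits(30):.0f} bits")
```

All three versions of the ice cream password reduce to the same dictionary word, while the generated one has nothing underneath it to find.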

I know what you're thinking: "How will I remember this password?" Well, that's where the password manager comes into play (see tip 3).

Tip 2: Password Reuse

It isn't enough to start using complex passwords from here on out. Your old passwords are still at risk.

You don't know the security practices of the sites you use, and nothing that you do could protect them from a data breach. So you have to operate on the assumption that at least some of the sites you use will get breached and your password will get stolen. Go to https://haveibeenpwned.com/ to see if your account has shown up in a known breach.

The problem is that if a hacker gets your password on one account, they can then try that same password on your other accounts. Imagine how bad it would be if a hacker got access to your bank account because Dropbox or Adobe got breached.

The solution? Don't reuse your password on multiple sites.

If you use a different password on every account, then when your Zynga account is breached, all the hacker will have access to is your Zynga account.

Luckily, Bitwarden makes this easy because of its random password generation feature and auto-fill functions. You make a secure password and never have to remember it or type it in.

Tip 3: Password Management

Why Bitwarden

Bitwarden is a completely free password manager that can sync across all of your devices, so you never have to manually enter a password again. It will auto-generate extremely secure passwords (like the random letter example above), allowing you to log in with a unique, secure password with no effort whatsoever. It also has spouse and family password sharing.

Security

Bitwarden offers end-to-end encryption, meaning that your actual (plaintext) passwords never leave your devices. They operate on the principle of zero-knowledge. That means that Bitwarden cannot access your passwords.

Even if their server were breached and their databases were leaked on the internet, it would take hackers billions of years to decrypt your passwords (hopefully you can change your passwords in that time).

Lastly, their code is entirely open-source (not true of competitors like LastPass), which means that all of the ciphers and security methods are peer-reviewed and ensured to be of the highest quality. For more information, check out their security page.

What should I do?

First of all, head to https://bitwarden.com and make an account. You'll have to make a master password. This is the only password you will have to remember, and it will allow access to all of your accounts so it should be strong and unique (not a duplicate of a password you have ever used in the past). If you need some help, you could use a phrase that is easy to remember, but long. In addition to the things we talked about before, length is one of the strongest factors for password security - so make it long. At the end of the day, just remember that this is the last password you ever have to remember. At first, you might want to physically write it down, but you should memorize it so you can access your accounts anywhere. And remember that since Bitwarden operates on zero-knowledge, if you forget your master password, there is no way to reset it and you will lose access to your account permanently.

Once you've created an account, you should verify your email using the button in the top right corner.

Set Up 2FA

Click Settings in the top navbar and then click two-step login on the left sidebar. You don't need to do this, but I highly recommend it, as it will be one more barrier preventing a hacker from getting access to all of your passwords. Even if they do guess your master password, they will still need your email or your authenticator app on your phone to get your passwords. I recommend using the authenticator app method.

Download the Bitwarden app on all your devices

Navigate to Bitwarden's download page to download the app for each of your devices. You should install it on your mobile phone as well as in your browser.

Now follow their guides for getting started:

Now start adding your passwords, set up autofill, and you'll be ready to go!

Bonus Step: I recommend that you change all of your old passwords to new, unique, and random passwords using Bitwarden’s password generator. This is especially important if you have used the same password (or very similar versions) on multiple accounts. These accounts are still at risk of being hacked because they have weak, repeated passwords. Just having them in Bitwarden isn’t going to protect you. For maximum security, you still need strong, unique, random passwords for every account.

Thanks for reading! Feel free to leave a comment with questions and check back for more content.

Note: I am not sponsored by Bitwarden; I just love their products.