This post is also available in: French, German, Spanish

How Strong Is Your Password & Should You Change It?

Keeping track of how strong your passwords are is essential. Hackers can crack the average password in seconds if it includes common phrases and words, is reused between websites, or has been previously stolen. Studies show that long and randomly generated passwords can take trillions of years to crack but can be difficult to remember and keep track of.

Luckily, a strong password is easy to create, remember, and protect when using the right tips and tools.

Check out Dashlane’s YouTube video for more tips on how to make a good password.  

Want to learn more about using Dashlane Password Manager at home or at work?

Check out our personal password manager plans or get started with a free business trial.

What makes a good password? 

A strong password is long, contains unique characters and numbers, and is hard to guess. In addition to being strong, a truly secure password should never be reused for more than one account.

Here’s how to make a good password for each of your online accounts:

Infographic with examples of poor passwords and further instructions on better practices when creating and managing strong passwords.
  1. Avoid using your name and common phrases 

The top 100 most common passwords consist of popular names, phrases, and memes. Hackers prepare dictionaries of these passwords and use them to create programs for cracking passwords to your online accounts.

Avoid including common combinations such as “qwerty,” “password,” or a string of numbers in your password. Break the habit of using your name, birthday or anniversary, street name, or any other detail closely associated with you that a hacker could pick up from your social media profiles or a simple email interaction.  

  2. Include a mix of characters

Use a combination of symbols, numbers, and upper and lower case letters to make a good password. However, adding just one of each to your password doesn’t make it fully secure. It’s easy for computer programs to try variations on everyday phrases and words with numbers and symbols. Think beyond tacking an exclamation point and a number to the end of your passwords. 

  3. Use at least 8 characters; 12+ is even better

When it comes to password security, the longer, the better. A password with a minimum of eight characters is good, one with a minimum of 12 characters is better, and one with 20+ characters is ideal. The longer the password (consisting of symbols, numbers, and upper and lower case letters), the harder it becomes to crack. An average hacker can crack a complex eight-character password in just 39 minutes, but 12+ characters would take closer to 3,000 years.

  4. Use a password generator

Bad actors are constantly sharpening their skills as the world goes digital, but the rest of us hardly have the time to constantly brainstorm complex, unique passwords for every account. Passwords can be extremely difficult to remember over time, especially when the strongest passwords aren’t memorable words, phrases, or dates. 

A password generator can help you stay ahead of scammers by using advanced algorithms to create strong and secure passwords for you. Dashlane’s Password Generator, for example, creates and stores strong passwords that are long, random, and unique. 

Screenshot of Dashlane’s password generator tool that automatically makes a good password for you.
Dashlane’s password generator in the browser extension.

Six best practices for keeping your passwords safe  

Creating a good password isn’t enough protection against hackers. You also need to keep your password private. Saving passwords in a document or on a desktop without any additional security measures is like locking your door but keeping the key under the mat for someone to find. Practicing good password safety will ensure that your digital front door is protected.

After you create the perfect passwords, check out these six best practices to help you protect them:

Two column graphic of recommendations on what to do and what to avoid when creating and managing passwords.
  1. Use a password manager

Because strong passwords are unique and long, they can be difficult to remember, especially when each of your accounts has its own password. That’s why you need a password manager.

A trusted password manager like Dashlane creates random complex passwords for your accounts and securely stores them, so you don’t have to memorize or put them in a spreadsheet. This is the best way to generate strong, unique passwords for all your accounts and safely autofill them online.

  2. Never reuse passwords

At least 63% of online users reuse passwords across various accounts and devices, even though 91% of people say they understand the risks. Once a hacker cracks your reused password through one account, they can gain access to all your accounts using that password. 

That means if your Uber Eats password leaks and you’ve reused it across your online accounts, hackers can quickly exploit it. They could snag some iPhones through your Amazon account or even ask your Facebook friends for money.

  3. Avoid sharing your passwords in plain text

Whether chatting with a colleague, spouse, or friend, try not to share your password through unencrypted text (for example, through email). If another person sees or intercepts the message, your logins may be in trouble. 

Now, you may be wondering, “How can I securely share passwords for my Netflix account with friends?”

The safest and most efficient way to share passwords is to use a password manager. With Dashlane’s secure sharing feature, you can securely share your passwords and personal information with other registered users. You can share with “limited access” for those who should be able to use but not view your password, or with “full access” for those who can have full visibility of the login information.

  4. Say “No thanks” to saving passwords in your browser

Online browsers like Chrome, Firefox, Explorer, Opera, and Safari ask their users whether they wish to save their passwords for next time. It’s super convenient, isn’t it? But it’s not secure. A hacker or anyone using your laptop can access all the passwords saved by your browser. The same goes for your native smartphone password managers, such as the iCloud keychain.  

So, how do you remember long and unique passwords for all your online accounts?

Dashlane not only assists you in creating and monitoring random and unique passwords but also autofills them on authorized devices to make it easier and faster to access your accounts.

  5. Use 2FA where you can

If an unauthorized person has your password, you can still stop them from accessing your account with 2-factor authentication (2FA). This advanced security feature requires you to provide extra login information based on something you know, have, or are. 

Ideally, try to avoid receiving 2FA codes through phone calls and texts, as it’s relatively easy for an attacker to hack your phone number and access your verification code. Instead, use an authentication app that generates time-sensitive verification codes to make 2FA more secure.

  6. Audit your passwords

Even with the best intentions, you can’t always prevent hackers from accessing your logins, especially through data breaches and malicious attacks. However, you can continuously monitor your password health to determine whether your accounts are at risk or compromised.

Dashlane’s Password Health tool is an easy way to analyze and strengthen the security of your passwords. The Dashlane Password Health score algorithm runs silently in the background to strengthen your password health and proactively prevent potential password attacks by detecting weak, compromised, and reused passwords. 

Avoid trying to check off all of these boxes on your own and use the Dashlane Password Generator instead. Instantly create and store strong, random, and unique passwords.
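
The checks described above (length, common words, character mix, reuse) can be expressed as a small local audit. This is an added example, not Dashlane's Password Health algorithm; the common-password list and the vault contents are constructed samples, and the thresholds follow the article's 8 and 12 character guidance.

```python
import re
from collections import defaultdict

# Constructed sample: two passwords the article names plus similar ones.
# A real audit would load a much larger list.
COMMON = {"qwerty", "password", "123456", "letmein"}


def base_word(password):
    """Lowercase and strip trailing digits/symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def audit(vault):
    """Map account -> sorted list of findings for a {account: password} dict."""
    seen = defaultdict(list)
    for account, pw in vault.items():
        seen[pw].append(account)

    report = {}
    for account, pw in vault.items():
        findings = set()
        if len(pw) < 8:
            findings.add("too short")
        elif len(pw) < 12:
            findings.add("under 12 characters")
        # Catches the "tack a number and ! on the end" habit as well.
        if pw.lower() in COMMON or base_word(pw) in COMMON:
            findings.add("common password")
        classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
        if not all(classes):
            findings.add("missing character types")
        if len(seen[pw]) > 1:
            findings.add("reused")
        report[account] = sorted(findings)
    return report


# Constructed vault for illustration only.
SAMPLE_VAULT = {
    "shop": "Password1!",
    "mail": "Password1!",
    "bank": "v7#Lq2!xRm9@Tz4&Wk0p",
    "forum": "qwerty",
}
```

Calling `audit(SAMPLE_VAULT)` flags the shared `Password1!` as common and reused even though it contains all four character types, which is the point the article makes about tacking a number and symbol onto a familiar word.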

How often should you change your passwords?

In the past, security experts recommended a password purge every 60–90 days, but security standards have evolved with more robust password safety practices that don’t require tedious password reset sessions. 

Unless you discover your passwords are at risk, you don’t need to change them periodically. Frequently changing passwords encourages the use of easy-to-remember passwords or saving them on browsers—which is exactly what you should avoid.

When to change your password

Although automatically updating your password every few months isn’t necessary, there are several circumstances when updating your password is a wise cybersecurity choice. Remember, these scenarios can happen to anyone—no matter how cautious you are—and the most important part of these situations is the action you take after they occur.  

Below are five instances when you should consider changing your passwords:

1. After a security breach

Don’t waste a second. After you learn that your data is part of a security breach, you should change your passwords right away. This will lock any bad actors out of your breached account and any other accounts that use the same or similar credentials.  

2. When you receive notifications of attempted access

Prevention is always better than a cure. Therefore, change your passwords immediately after you’re notified of attempted access to your account. 

Pro tip: Dashlane generates strong passwords and uses Dark Web Monitoring to check for your login information on the dark web and notify you immediately if it’s found.

3. If you discover malware or phishing software

Once you realize your computer is infected with viruses and other phishing software, change your passwords on the spot using a different device, such as your cell phone or tablet, to avoid being compromised.

4. After using public WiFi

The best practice is to use a VPN when utilizing public WiFi. A VPN modifies your server location, secures your connection, and makes it possible for you to browse privately and anonymously. If you happen to forget your VPN or don’t have one, the perfect time to change the passwords to any accounts you accessed while on public WiFi is when you return home.

5. After you shared your password

If you temporarily shared an account login with a friend, co-worker, or family member, don’t forget to withdraw access by changing your password or revoking access in your password manager’s sharing center.

How Dashlane keeps your passwords secure

Dashlane uses AES 256-bit encryption to secure your data in a password vault. Encryption simply means that your password is scrambled into a different combination of numbers, letters, and symbols before it’s stored for added security. 256-bit encryption is the industry standard for government agencies and is highly secure. 

On top of that, Dashlane encrypts user data locally, meaning your passwords and personal information aren’t kept on Dashlane servers. Effectively, your account info never leaves your account. 

How does Dashlane push the industry standard to the gold standard in data protection? We deploy multiple layers of security to keep your information safe online:

  • A Master Password: This is a private key encrypting the data you save on Dashlane. Your Master Password is always private (not even a Dashlane employee can access it), is never kept on Dashlane servers or local disks (unless you turn on “Remember my Master Password”), and is never transmitted online.
  • An intermediate key: If you choose “Remember my Master Password,” your password will be saved to local storage. In this case, an intermediate key is used to support the Master Password by protecting it with random 32-byte encryption for maximum security. This is essentially an extra layer of security for your Master Password when you choose to save it locally.
  • A user device key: The user device key manages your authorized devices in Dashlane apps, including denying access to any unauthorized device. It’s auto-generated for every device and browser on your computer.
  • A local secret key: A local secret key, as its name suggests, is generated locally to encrypt communication between the Dashlane Password Manager app and your web browser plugins through local visual pairing. Similar to speaking in code over the phone to prevent potential listeners from understanding you, this key ensures that your information isn’t accessed in transit between Dashlane and your local server.

Dashlane also uses a patented zero-knowledge security architecture for encrypting and decrypting user data. This means you’re the only one who can access your accounts. Not even Dashlane can view your information.

This advanced security architecture ensures that your data can’t be compromised even if Dashlane experiences a security breach–which hasn’t happened in the 13+ years we’ve been in business.

Dashlane supports your cybersafety

With several tips and tricks for creating and managing the perfect passwords, it can be easy to slip back into old, unsafe patterns when using your devices and interacting with your different accounts. Dashlane’s Password Generator can help you prioritize and automate your cyber safety so you don’t have to think about whether your password is guessable or strong enough. Even better, with Dashlane’s Password Manager, you can browse the internet stress-free, knowing your passwords and account information are stored correctly.

Reusing one strong password everywhere makes your accounts vulnerable.

Download the Dashlane Password Generator to securely auto-generate long, strong, and unique passwords for your online accounts. 

