The first Thursday of May is World Password Day, a day to remind ourselves of the importance of making our digital lives more secure. For better or worse, just about everything we do is connected, online, and digital–our phones are car and house keys, every penny we have is behind a few banking passwords, and our entire jobs and reputations can be destroyed with access to just a couple social media accounts.
It’s more important than ever to ensure our accounts and digital devices are as secure as possible. But of course, security has to be convenient as well–you’re not going to type in a 45-character alphanumeric password every time you want to unlock your iPhone!
With that in mind, here are some straightforward tips for making sure your digital life is more secure. Some can be done in minutes; others take a little time to set up but are fast and convenient once you do. All of them will help make sure you don’t end up with a disaster on your hands.
What makes a bad password
Ask any security expert and they will tell you the same thing: the biggest problem isn’t that attackers are highly skilled, it’s that they rarely have to be. Most account takeovers succeed because people pick guessable passwords and reuse the same password for multiple accounts.
Left to their own devices, people will choose passwords that are simple for them to remember. They’ll use their spouse’s name, their dog’s name, their favorite sports team or a recent vacation spot.
Just look at the most common passwords for 2022:
- password
- 123456
- 123456789
- guest
- qwerty
It takes no skill or ingenuity to guess one of those in seconds. You should also not use your children’s birthdays, anniversaries, a pet’s name, or any other set of numbers or words that is associated with your real life.
How to create a strong password
Instead, experts say to use long passwords made of multiple words strung together–a passphrase, if you will. Something like super-sonic-headphones or walter-white-is-heisenberg is a lot harder for a computer to crack than vNe3R#1!, because brute-force password cracking gets much harder as the password gets longer, not stranger. Two caveats: crackers also run through word lists and well-known phrases, so the words should be picked at random rather than taken from a quote, and four or more words is a safer minimum than three.
The tips below will help you create easy-to-remember passwords that satisfy the typical site requirements: at least eight characters long (treat that as a floor, not a target) and at least three of the following four character types: upper-case letters, lower-case letters, numbers, and special characters.
- Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3)
- Substitute words for numbers (one, two, three…)
- Combine both of the above (0ne, thr33, f1ve)
- Use capitalization in random places (bLue, happY)
- Use special characters ( !@#$%^&*(){}[] ) to punctuate and separate words
- Create passwords out of words, numbers or phrases you’ll remember
- Misspell words
Using these tips, you can create memorable passwords that pass complexity rules and are far harder to guess than a plain word or date. One honest caveat: password-cracking tools apply exactly these substitutions, capitalization changes and added symbols to every word in their lists, so a mangled word is still a short password. Length, a unique password for every account, and two-factor authentication (both covered below) are what really stop a determined attacker. Here are some examples of converting memorable information into a complex password.
We’ll start with some easy ones:
- Friday becomes frYday!
- Robert becomes #robERt#
- 867-5309 becomes 8siX753o9
- 19 Peach Place becomes: 0ne9peacHpl!
- I love Jill becomes: eYelov3Jill
- My dog Fritz becomes MeyedogfrltZ
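To put numbers on the two points above (length beats strangeness, and the substitution tips are cheap for an attacker to undo), here is an added example, not code from the original article: a small Python script that estimates how many guesses an attacker needs under three models, character-by-character brute force, random words from a list, and a dictionary word mangled with the rules in the tips. The substitution table and special characters are the ones listed above; the 95-character printable alphabet, the 7,776-word list, the 100,000-word base dictionary and the guess rate of 10 billion per second are assumptions made for the calculation.

```python
import itertools
import math

# Constructed example, not from the article. The substitutions and special
# characters are the ones the tips list; the guess rate is an assumption
# (roughly one GPU against a fast, unsalted hash).
LEET = {"o": "0", "a": "4", "i": "1", "l": "1", "e": "3", "s": "5"}
SPECIALS = "!@#$%^&*(){}[]"
GUESSES_PER_SEC = 1e10  # assumed attacker speed


def bruteforce_bits(length, alphabet_size):
    """Bits of work if the attacker must try every string of this length."""
    return length * math.log2(alphabet_size)


def wordlist_bits(n_words, list_size):
    """Bits of work for n_words drawn uniformly at random from a list."""
    return n_words * math.log2(list_size)


def mangle(word):
    """Yield every variant of `word` reachable with the tips above: any subset
    of letter/digit substitutions, any capitalisation of the remaining letters,
    and at most one special character in front and one behind."""
    word = word.lower()
    leet_pos = [i for i, ch in enumerate(word) if ch in LEET]
    affixes = ("",) + tuple(SPECIALS)
    for leet_mask in itertools.product((False, True), repeat=len(leet_pos)):
        chars = list(word)
        for pos, swap in zip(leet_pos, leet_mask):
            if swap:
                chars[pos] = LEET[word[pos]]
        letter_pos = [i for i, ch in enumerate(chars) if ch.isalpha()]
        for case_mask in itertools.product((False, True), repeat=len(letter_pos)):
            cand = list(chars)
            for pos, upper in zip(letter_pos, case_mask):
                if upper:
                    cand[pos] = cand[pos].upper()
            core = "".join(cand)
            for prefix in affixes:
                for suffix in affixes:
                    yield prefix + core + suffix


def mangled_bits(word, dictionary_size):
    """Bits of work for a mangled dictionary word: the attacker applies the
    same rules to every one of dictionary_size base words."""
    variants = sum(1 for _ in mangle(word))
    return math.log2(variants * dictionary_size)


def seconds_to_crack(bits):
    """Expected time to search half the space at GUESSES_PER_SEC."""
    return 2 ** bits / 2 / GUESSES_PER_SEC


if __name__ == "__main__":
    cases = {
        "vNe3R#1! (8 random printable chars)": bruteforce_bits(8, 95),
        "super-sonic-headphones (char brute force)": bruteforce_bits(22, 27),
        "3 random words from a 7776-word list": wordlist_bits(3, 7776),
        "6 random words from a 7776-word list": wordlist_bits(6, 7776),
        "#robERt# (mangled word, 100k-word list)": mangled_bits("robert", 100_000),
    }
    for label, bits in cases.items():
        print(f"{label:45s} {bits:6.1f} bits  ~{seconds_to_crack(bits):.3g} s")
```

Run it and the mangled dictionary word comes out at roughly 32 bits, a fraction of a second at the assumed rate, while six random words from the list exceed 77 bits. Note also that three random words are weaker than a random eight-character password if the attacker knows which list you used, which is why a passphrase needs several words; its strength comes from the number of random words, not from the hyphens.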
That should help you create a secure password, but you’ll need to create more than one, because reusing the same password everywhere, recycling old passwords, or rotating through a small set of favorites is a bad idea. Read on to find out how to solve this password problem.
Managing multiple passwords
You should also use a different password for every single account you have, without exception. Huge lists of stolen usernames and passwords are frequently sold and traded among hackers, who then try them automatically against millions of sites and services (a technique known as credential stuffing). If one of your accounts is compromised and you change the password, you can bet that same password will be tried on many other sites and services for years to come.
Using long, complex passwords that are different for every account you have is a huge pain–you’ll never remember them all. That’s where password managers come in! They help you store and fill in passwords across all your devices and can fill in things like address and payment forms too.
A good password manager makes your life easier and more secure and is well worth the time to set up. You can use iCloud Keychain which is built into your iPhone, iPad, and Mac to help you manage passwords, but for even more flexibility try one of the Password Managers we’ve reviewed in our round-up of the Best Password Managers for Mac and iPhone.
Take advantage of biometrics
While your device is only ever as secure as your password–because biometrics can be overridden by the password–using biometrics means you won’t always need to type out a long and complicated password.
Biometric features like Face ID and Touch ID are not foolproof, but they’re much harder to defeat than a string of six numbers, and because the biometric data is stored only on your device (in the Secure Enclave on Apple hardware) it can’t be leaked and traded around the way big lists of passwords are.
You should change your iPhone or iPad passcode to a real password, and make it a good one, then use Face ID or Touch ID to avoid having to type it in all the time. Do this wherever possible: Use big complex unique passwords for your main password manager, for example, and let Face ID or Touch ID do the hard work of unlocking it for you.
Apple, Microsoft, and Google have joined together to allow passwordless logins, unlocked with your device’s biometrics, across their sites and services. This initiative, called passkeys (built on the FIDO Alliance’s FIDO2/WebAuthn standards), has been supported on Apple devices since macOS 13 Ventura and iOS/iPadOS 16 and is starting to be used across other sites and services. You can now log in to your Google account with a passkey, for example.
Secure every account with 2FA where possible
Two-factor Authentication (2FA), a form of Multi-Factor Authentication (MFA), is when you have to supply a password and something else–a short one-time code sent to you via text message or generated by a special app, or a fingerprint or face scan, for example.
These are really great ways to secure your account. Any time your password is correctly entered on a new device (such as when a hacker tries to use it), you must also enter a code sent to you via text or generated with an app. The code can only be used once and is valid for a very short time (typically 30 seconds for app-generated codes). So even if a hacker steals or guesses your password, they can’t get into your account unless they also trick you into handing over the current code, which is why the phishing-resistant options covered below, security keys and passkeys, are stronger still.
Using SMS (texts) for this is commonplace and handy because it doesn’t require an app, but SIM swapping (also called SIM-jacking) and other techniques can sometimes allow hackers to target individuals and intercept their texts, making this less secure than using a 2FA app like Auth, Google Authenticator, or Duo Mobile.
Apple has its own 2FA system for your Apple ID, which you should definitely have enabled since many Apple services require it. Here’s how to set up 2FA with your Apple ID. You’ll want to enable 2FA on every other account you have, especially bank accounts and accounts where you can make purchases (like game services). Check out our guide to getting started with 2FA for more.
And if you want the utmost security, you can lock down your Apple ID with a security key if you’re running iOS 16.3 or macOS Ventura 13.2 or later. Instead of a code, you’ll have a physical key (two, actually, so you have a backup) that holds the private key used to sign in. Because that key never leaves the device and the device checks which site it is talking to, the login cannot be phished or reused remotely; an attacker would need the key in hand.
Use Passkeys
Since the introduction of iOS 17 and macOS 14 Sonoma, your Apple ID can support passkey authentication.
This means that anywhere you need to sign in with your Apple ID, including websites and icloud.com, you’ll have a new option alongside the standard password login. If you press the “Continue with Apple” button, you can scan a QR code with your iPhone’s camera and approve the login with Face ID or Touch ID, with no password typed at all.
Read more about using passkey in: How to use Passkeys on your iPhone, iPad, and Mac.
Includes additional reporting by Michael Scalisi.