Needless to say, if it’s exposed in a data breach, you still need to change it immediately.Įven tech minimalists have myriad passwords to remember these days, for everything from bank accounts to Pinterest. You’re more likely to set a good long password if you know you're going to use it for a while. On the flip side, experts now say that you don’t need to change your passwords on a regular basis. Picking something different makes things harder for attackers, she says. Many apps and websites no longer require you to use your email address. While apps and sites are getting better at stopping people from using the passwords most frequently uncovered in data breaches, she says people still find ways to use variations of them.Īnd that warning now goes for your username, too. One common mistake many consumers make is using easy-to-guess words, says Tonia Dudley, strategic adviser at Cofense, which specializes in anti-phishing technology. (Though it’s better to choose a phrase only you know.) Try stringing them together using an easy-to-remember phrase: Thequickbrownfoxjumpsoverthelazydog.
The more characters, the harder the password will be to break. Ideally, a password should be composed of a long string of characters. Hackers like to go for the low-hanging fruit and try the obvious options first.Īnd despite years of warnings from security experts, “password,” or a slightly modified version of it, remains one of the most common passwords out there. “Password123” may be easy to remember, but it’s a disaster when it comes to security.