Passwords are the very foundation of all modern cyber security. We use them for our mobile devices, websites, email, and everything in between. Because of this, having strong passwords is crucial to keeping the baddies out of your computer and data. This is especially true when it comes to patient data. But because we have so many passwords to remember and choosing strong passwords is hard, humans don’t create passwords that can withstand attacks. Below are 3 rules to help you make your passwords strong and keep all of the Internet’s nasties out of your data (I’m looking at you Russia, China).
This is, by far, the most important rule. Most people will use the same password, or a variation of the same password, on all of their sites. For example, Winter2021! will be the password they use to log into Windows, their online banking, Amazon, and a host of other websites. So why is this so bad? When one of these sites is breached, the hacker will have your email address and password. The first thing a hacker will do is try that same password on as many common sites (Facebook, Instagram, Amazon, etc.) as possible to see which ones they can get into. They know they likely have a short amount of time until the breach is known, and they want to get into as many new accounts as they can. This means that some site you signed up for 2 years ago and have long since forgotten about could be breached, and because you used the same password on Facebook, your Facebook account can now be hacked. Facebook wasn’t breached, but the password reuse is what led you to be compromised.
Here is a good site for you to see if your email address has ever been used on a site that was breached:
[Image: Have I Been Pwned home screen]
Simply type your email address into the blank and click pwned?. You will be shown a list of the breaches your email address was discovered in. You might be surprised at the results. This is why password reuse is so bad. It can lead to multiple breaches even if you have a super-strong password.
This is the next rule. Humans have a hard time remembering passwords, so we tend to choose things like the above Winter2021!, thinking this is a good password. It has upper- and lowercase letters, numbers, and punctuation. But hackers know how humans think, and this is a very easy password to break. The old rule of 8 characters with letters, numbers and symbols doesn’t work anymore. I’m going to show you a new technique that makes strong passwords that are also easy to remember.
Choose 4 random words that have no connection to each other. For example, eagle banana snort toe. Put all 4 of those together into one password and it is now 19 characters long. This is extremely strong and easy to remember. However, if you are required to use numbers and characters, make a couple of small changes – eagle bAnana sn0rt toe$. This password would pass any rules that you were required to follow when choosing passwords. If you want to go a little easier, choose 3 words rather than 4 but with passwords, the longer it is, the harder it is to crack. Don’t use passwords of less than 12 characters.
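The four-word technique above, as an added Python example that is not part of the original post: it draws the words with a cryptographically secure random generator, enforces the 12-character floor, and adds the uppercase letter, digit and symbol that some sites demand. The word list, function names and symbol set are assumptions made for this illustration; the 16-word list is constructed and far too small for real use.

```python
import math
import secrets
import string

# Constructed sample list for the demo only. A real generator should load a
# large list (for example the 7,776-word EFF diceware list).
SAMPLE_WORDS = [
    "eagle", "banana", "snort", "toe", "marble", "cactus", "violin", "harbor",
    "pickle", "saddle", "tundra", "wombat", "lantern", "gravel", "orbit", "mitten",
]
MIN_LENGTH = 12  # the article's floor: nothing shorter than 12 characters


def entropy_bits(num_words, list_size):
    """Bits of entropy when each word is drawn uniformly at random."""
    return num_words * math.log2(list_size)


def make_passphrase(words=SAMPLE_WORDS, num_words=4, sep=" "):
    """Pick words with the OS CSPRNG; redraw if the result is under MIN_LENGTH."""
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(num_words))
        if len(phrase.replace(sep, "")) >= MIN_LENGTH:
            return phrase


def satisfy_composition_rules(phrase):
    """Uppercase one random letter, then append a random digit and symbol."""
    chars = list(phrase)
    i = secrets.choice([n for n, c in enumerate(chars) if c.islower()])
    chars[i] = chars[i].upper()
    chars.append(secrets.choice(string.digits))
    chars.append(secrets.choice("!$%&*?#"))
    return "".join(chars)


def meets_rules(pw):
    """Length floor plus upper, lower, digit and symbol (spaces don't count)."""
    return (len(pw) >= MIN_LENGTH and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() and not c.isspace() for c in pw))


if __name__ == "__main__":
    pw = satisfy_composition_rules(make_passphrase())
    print(pw, meets_rules(pw))
    print(f"{entropy_bits(4, len(SAMPLE_WORDS)):.1f} bits with the sample list")
    print(f"{entropy_bits(4, 7776):.1f} bits with a 7,776-word list")
```

The entropy figure only holds when the words are picked by the random generator; words a person thinks up are far more predictable than the arithmetic suggests.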
Many people choose passwords that are in some way connected to them. Birthdates, anniversaries, children’s birthdays, pet’s names, etc. Hackers know this. I love seeing email addresses like mustang0621@gmail.com because now I can guess this person loves Ford Mustangs and their birthday is June 21st. That gives an attacker a lot of insight into a target. In addition, people share way too much information on social media and there are hacker tools that can scrape social media profiles to build word lists for password cracking. It is effortless and just takes time to do. Don’t use passwords that are in any way connected to you. If you follow rule 2 above, this won’t be an issue.
Following these 3 rules will give you a great deal of security. However, I will share 2 more with you to put you at that next level of security.
Use a password manager like LastPass. It is free, integrates with your devices and computers, and will generate completely random passwords for you for every site you use.
Use two-factor authentication for any site that will allow it such as Facebook, Instagram, and Amazon. This will make it nearly impossible for hackers to get into your account even if they have your password.