A man types of a laptop computer as he creates a strong password for online accounts.

The Anatomy of a Strong Password

07/10/2020

Curious how to make a strong, secure password? From rotating passwords to using special characters, understand the anatomy of a strong password here.

An increasingly connected world means you can run your business, your home and your personal life through a series of websites and apps. While waiting for an appointment, a business owner can use their smartphone to approve invoices to be paid with a bookkeeping app, purchase a birthday gift for their office assistant with a shopping app, and watch an educational video with a training app. But to completing each of those tasks requires a password to log in to each app.

Today’s business owners have passwords for everything—bank accounts, computer systems, cloud-based software, remote door locks and thermostats. In many cases, a strong password is the only thing keeping your financial and other important data secure. But faced with password overload, many business owners use the same password for many different sites or use basic, easy-to-guess passwords.

To maintain financial and data security, it's important for business owners to develop passwords that are truly foolproof—and figure out how to keep track of all their different passwords.

The Value of Quality Passwords

Hackers and cybercriminals want username/password combinations not only so they can access financial accounts and steal money, but also so they can sell valuable information such as healthcare records, company data, customer information and other personally identifiable information that makes it easy to commit identity theft. And many of them have succeeded: There are more than 2 billion username/password combinations circulating among hackers as a result of several data breaches in recent years.

If you’re still using an old password, hackers may have access to your account. And if you’re using easy-to-guess passwords such as “password,” “123456,” or your name, your accounts are an easy target for hackers. You can check to see if your email and other identifying information has been leaked by hackers by visiting this Info Leak Checker.

It’s a good idea to take time to check your passwords and create new ones that are difficult to guess and can help keep your accounts secure.

Once you're ready to level-up your password skills, there are a few critical components to consider in building more secure log-ins. Consider the following questions about each new password:

Is Your Password Long Enough?

Cybersecurity experts recommend that every password should include at least 12 characters. Those characters should include a variety of letters, numbers and symbols, and a combination of capital and lower-case letters.

Rather than using actual words, consider password phrases that combine words, numbers and symbols to result in unique passwords. For instance, you might use an acronym as a hard-to-guess password. For instance, “The Chicago Cubs won the World Series in 2016” would become TCCWTWSI2016.

You could also use a combination of words that may be meaningful to you but wouldn’t be to most people. Say your grandfather, who was born in 1936, called you “Little Dove” as a child. Your password could be littledove1936, or even littledove@1936. Because it’s a phrase, it’s easier to remember than just a string of disconnected letters and symbols.

Is Your Password Unique?

Once you’ve landed on a good, strong password that’s easy for you to remember but difficult for others to guess, it’s tempting to use that same password over and over. But that’s not a good idea. Rather than using the same password on numerous sites, it’s important to use a unique password on each site or account. That way, if one of your accounts is compromised, such as through a data breach at one of your social media sites, all your other accounts will remain secure.

If it seems too difficult to remember so many unique passwords, consider using a password manager such as LastPass, Dashlane, 1Password or KeePass. These tools charge minimal fees (such as $20 to $40 per year) to keep track of all your passwords. They can help you develop simple and secure passwords and remember them all for you—and they’re safer than storing all your passwords in your internet browser.

Are You Rotating Your Passwords for Different Accounts?

In addition to using different passwords for different accounts, it’s also important to avoid the temptation to keep using the same password for years and years. The most secure passwords are those that are regularly updated.

Some of your accounts may require you to update your password on a regular basis, or they may recommend a password change from time to time. When a site recommends a password change, always update the password.

Even when a site or organization does not require or recommend a password update, it’s a smart idea to take the initiative to update your passwords on a regular basis. You can set reminders on your calendar to make sure you remember when it’s time to update.

But not every password you have must be updated on the same schedule. For critically sensitive sites like internet banking, investment accounts or cloud bookkeeping, set new passwords at least every 90 days. For less sensitive sites, such as Netflix or your professional association, you can rotate your password about once a year.

Living in an increasingly connected world means you can have the convenience of managing your business and your life from your computer or your phone, no matter where you are. But it also means that your password may be the only thing that comes between your bank account, health records or business data and a would-be cybercriminal. That’s why it’s crucial for business owners to take their passwords seriously, always making sure their passwords are long enough, unique enough and rotated regularly enough. When you protect your passwords, you will be able to protect your identity, your finances and your business.

Read more from Fifth Third about how to build a stronger, more protected business here, or by contacting your Fifth Third banker.