Security experts have said that if you can remember your password, it’s not strong enough. As hackers become more sophisticated, passwords become less effective. Many organizations—including UCLA—now offer multi-factor authentication (MFA), which relies on additional credentials besides your password. But what do you do if a site does not offer MFA, and a password is the only safeguard between your personal information and the criminal underworld?
Make your passwords as long as possible. The longer it is, the harder to crack. It should be at least 14 characters or longer. One technique is to create a passphrase instead of a password: string two or three non-related words together. These should be words that you cannot find in the dictionary. Be sure to add numbers, symbols, and upper- and lowercase letters to your password.
Use a different password for every account. It might be inconvenient, but if one of your accounts is compromised, your others will still be safe.
Consider using a password manager. This software can generate incredibly complex and impossible-to-remember passwords for all of your accounts and store them in a virtual “vault” that usually resides encrypted on your hard drive. If you use a password manager, you need only remember one master password to log into it—but this password must be an excellent one. If someone is able to hack into your password manager account, all of your accounts will be at risk. Look for a password manager that offers MFA.
*Bonus Tip: Give Unpredictable Answers to Security Questions. Try answering security questions in an unexpected way. For example, if you’re asked for the make of your first car, you might answer, “Chocolate.” Hackers who already have your password will be much less likely to guess your answers and gain access to your account.
These tips will help you create a strong password, but the best protection is always to use MFA (also known as two-factor authentication or two-step verification) wherever it’s available. There is no substitute. MFA requires at least one other factor besides your password to gain access to an account, such as using a designated smart phone app to confirm each login attempt, or entering a code texted to your phone. Numerous sites now offer this extra layer of security, including Google, Microsoft, Apple, Facebook, and Evernote. (This website can tell you who else is using it.)
Sign up today for MFA—UCLA’s two-step verification solution—and check your other accounts to see if it’s an option. The extra step is worth the effort.
