NEWSWEEK.COM 13
reason: Longer passwords are much 0.29 milliseconds to figure out, but chief operating officer of the Identity Theft Resource Center. The simAim to have your password stretch to 12 characters or more, says James Lee, harder to crack.take hacking software as little as Bigger really is betterA seven character password can ple
nearly two centuries, according to and it would take hackers more than research from software and technol-ogy consultant BetterBuys based on data from Intel and password crack-ing tools. Up the ante to 24 characters a 12-character password could take 18 mfrom the University of Wtest how quickly your password can illion years, according to data isconsin. To
interactive tool, “EstimRather than creating a new pass-changes. Just stick with the samword-Cracking Times,” on its website.Change only when necessarybe cracked, you can use BetterBuys’ word every 30, 60 or 90 days, NIST now recommends you avoid frequent password, unless you think it has ating Pass-e
password numerically. It wasn’t add-ber passwords or just adding to their basis is too hard for people,” says Dukes. “Ming any security value.”password down, using easy to remem-become compromised.check the website Have I Been Pwned “Changing passwords on a frequent Instead, he recomost were writing the new mends you
(haveibeenpwned.com) regularly to see if you have an account that has been compromised in a data breach. If so, create new passwords just for the affected accounts. And anytime you hear of a cyber attack on a company you do business with, that’s a signal to alter your password, says Levin. You can also check whether any of yoursong results in a password that looks seems impossible to remember at first, like this: yigtmOne of the easiest ways to recall a Don’t get too personalof each word of these two lines of the but sing the song in your head and the password will come to you easily.password is to relate it to something httotrigrticnm. It
already meaningful to you. Hackers know this and count on it, often using public records, social mprofiles and other leaked data to learn significant dates (birthdays, anniversaries), names (pets, spouse, kids, maiden surname) and numbers edia
(phone, addresses, Social Security) no relationship to anything in your that mwords.“Your password should have life,” says Levin.ight crop up in your pass-
password to access all your other accounts.”ţ2QFHKDFNHUV˽QGtry using that same one login they can access, they will^