illustration: UnitoneVictor/iStock

Our Latest Advice for Creating Account Passwords That are Hard to Crack

By Misty Harris

Forget what you think you know about passwords—changing them every 90 days, making them super-complex or using special characters in lieu of letters. While none of that is wrong per se, it can result in passwords that are hard for you to remember and easy for increasingly sophisticated bots to guess. The good news: Creating account passwords that are hard for hackers to crack is simpler than you think. AMA’s Enterprise Technology team has your back, with five key ingredients to outsmart online bots and bandits. 

Avoid using the same password for multiple sites. A security breach of one site would then compromise your accounts on others. You wouldn’t have a single key for your vehicle, house, mailbox and safety deposit box, so why take that same risk online? (And no, adding “Twitter” to the end of your Twitter password, or “Instagram” to the end of your Instagram password, doesn’t earn you points for variation!) 

Complexity is valuable, but length matters most. Long passwords are much harder to crack than short, overly complicated ones. Modern computers can cycle through as many as one billion password combinations per second, taking just two hours to crack an eight-character alphanumeric password. By increasing your password’s length to at least 16 characters—and preferably to between 20 and 30—you make it harder to break.

Smart home security to keep you safe and sound

A password isn’t useful if you can’t remember it. While some complexity is good, you need to balance security and recall. Just be sure to avoid anything that can be found online, like the name of your child or pet. AMA’s Security team recommends creating a funny passphrase instead of a password, as humour helps make it memorable. For example, “TeenageMutantHorsesFromMars” or “MagnumPIWantsToDateMyMom.”

Most people reuse passwords to avoid having to remember too many—a practice that exposes them to greater risk. A password manager can help you keep track of everything. These apps store your encrypted login information for every website, help you generate stronger passwords and only require you to remember a single master password—the one for the password manager itself.

Introducing the digital pink card for AMA auto insurance

Multifactor authentication is when two or more data points are needed for access—like a login and password plus a code sent to your phone. Wherever this extra layer of security is an option, enable it. On the other hand, security questions can make you more vulnerable if your answers are easy to guess. Try bookending your answers with words only you know. If your mother’s maiden name is Smith, you could bookend it like this: CoffeeSmithFiend.