You’re really bad at picking passwords. Don’t worry, most people are. In fact, hackers can usually guess your password because most people pick common, simple, and insecure passwords.

Short passwords that contain obvious words are easier for hackers to guess. Hackers can simply try any of the most common passwords first and, if that fails, they just use a program that tries random words or common sequences of numbers. 

The longer and less common your password, the harder it is for hackers to guess. Most people choose short, simple, obvious passwords because they are easy to remember. Long, complicated passwords are harder to guess, but are also harder to remember. That’s why you shouldn’t use a password; you should use a passphrase. A passphrase is a short sentence that’s easy to remember but, hopefully, is hard to guess. 

Use Two-Factor Authentication

Even if you don’t give out your password and you use a good passphrase, it’s only a matter of time before a hacker gets your password. Hackers steal millions upon millions of passwords every year—through no fault of the users that lose them.

That’s why you need a second line of defense: two-factor authentication. Think of your password as a key that unlocks the door to your computer and your online accounts. If someone steals that key, they can unlock that door and walk into your system, stealing or wrecking anything inside.

Two-factor authentication is like installing a deadbolt lock above the lock already in your computer’s door—a deadbolt that uses a different key from the door itself. Thus, if a hacker wants to get inside your computer, they would need to steal two different keys.

Where the analogy breaks down is that two-factor authentication isn’t about using two different passwords. Two-factor authentication uses a password and then some other piece of information stored separately from your password.

For example, many modern laptops include fingerprint readers, which require you to enter a password and scan your forefinger or thumb to access the system. Services like Gmail or Twitter can send special codes to your smartphone—either by voice call, text message or through an app—which you must combine with your password to log in.

With two-factor authentication, a hacker has to do more than steal a list of passwords from a server somewhere to hack into your computer. Hackers would need to steal your password and physically steal your smartphone (or your thumb) to get into your computer, and that is far, far less likely.

If you’re an IT admin looking to gain even more helpful tips, check out our recent eBook: The IT Admin’s Checklist for Complete Office-Wide Computer Security. To help end users better understand the value of safety over convenience, check out this guide packed with information on password and email best practices, as well as web and network security do’s and dont’s. Download it today!