Why Your Passwords Should be at Least 24 Characters Long

Earlier this month, my company, along with 1.2 billion other websites, was targeted by Russian hackers utilizing a massive "bot" attack. These bots aggressively attempted access to websites with username and password options.

Continue Reading Below

Fortunately, we have very robust and secure servers preventing any harm to our infrastructure or members. But not every company can make that claim. Attacks like this serve as a good idea that it’s not enough to password-protect everything. You must create strong passwords that make it hard for hackers to get what they want.

Here are two simple rules to follow when developing hacker-proof passwords:

Rule No.1: It’s Not Just About Your Password, You Also Need a Strong Username

Too many people use their email address or first underscore last name as a username to make it easy to remember. Well, that also makes a hacker’s job easy.

Here's the deal: Your username is part of a security access system and should be considered critical security access code. When you see “username” think “code name.” Your email address is not a very good code name.

We recommend that your username never be associated to your personal information like first or last name, email address or phone number. Here are some good examples of strong code names: BlackJack, SilentHammer, LandShark, NinjaSmoke.

Be creative and develop usernames that are just as unique as your passwords.

2. It’s All About the Number of Characters

The internet is flooded with guides on strong password development, but you must always plan for a worst-case scenario. For example, a rogue Russian network of hackers decides to penetrate all your access points within the world wide web. They are armed with a super computer that can "brute force" access all your personal and financial information. A brute force attack can not be stopped.However, it can be delayed for 40-plus years with the right passwords.

Most super computers can run every character on a keyboard 500 time a second, allowing it run thousands of combinations of characters per minute. So using a # or $ in your password doesn't really make a difference when a computer is running all characters 500 time a second. It’s not the complexity of a password that makes it hard to crack; it’s the length of the password. The more characters in a password, the longer it will take for a super computer to run through all the possible combinations of characters.

We recommend a 24-character or more password. Sounds crazy, but here are some examples to decrease the stress of it all: HarleyDavidsonStarbucks!!!, FireEarthWindWater4Life!#!. Long passwords with a combination of uppercase and special characters increases possible combinations exponentially, therefore taking a super computer upwards to 40 years to run all possible combinations.

Here's the bottom line: Strong usernames combined with long passwords will increase the security of your online life exponentially.

Clinton Emerson, founder of Escape the Wolf. Escape the Wolf bridges the gap between crisis and the unknown with preemptive personal security solutions. We empower you with security tactics and products that mitigate threats, decrease exposure to crisis, and increase survivability. We want you to be more confident, more aware, and ultimately more secure.