So, you’re signing up for yet another online service. It’ll probably ask you to choose a password with rules like:
- Must have at least eight characters
- Must have at least one number
- Must have at least one symbol (e.g., #, {, @, !, ?)
But these rules alone are not enough. The cold, hard truth is, it doesn’t matter how long or complicated your password is—if you’ve used it before, it’s not a good password.
Why you need unique passwords
To understand why you should never use the same password twice, you need to know a little bit about how brute-force password cracking works.
Bad guys don’t just guess random passwords. They guess from huge lists of passwords stolen from other companies, trying hundreds of millions of passwords a second. These lists grow larger every day as more and more companies fall victim to hacks, data breaches, and leaks.
Let’s say a hacker is trying to get into your bank account. Banks like to boast about their state-of-the-art security systems, how strong their encryption standards are, how dedicated their fraud department is, etc. But it all means nothing if your password is the same one you used last year to sign up for a mobile game whose parent company was just hacked.
Data breaches are unpredictable, and increasingly common. You simply can’t be sure one of your old passwords won’t end up on a hacker forum tomorrow. What you can be sure of, however, is that none of those passwords will work on any of your current accounts—as long as you’ve chosen new, unique passwords for each.
Why you need strong passwords
Of course, it isn’t enough to simply have passwords that you’ve never used before. To avoid being the victim of brute-force password cracking you need to have passwords that no one has ever used before.
You probably don’t have time to check your new password against a list of every password in history, but what you can do is make sure your password is long and difficult to guess.
Increasing the length of your password is the easiest trick. Every extra character multiplies the time it takes to crack a password by brute force, so cracking time grows exponentially with length.
For example, any six-character password can be cracked in around two minutes with an average computer. For seven characters, 17 minutes. And for eight characters, three hours. ExpressVPN recommends passwords of at least 17 characters, which would likely take hundreds of thousands of years to crack by brute force.
Length alone is often not enough, however; passwords must also be difficult to guess. In targeted attacks, password crackers can use dictionaries and natural language corpora to guess passwords from common words, phrases, quotations, etc.
That doesn’t mean they necessarily have to be a random string of characters. Strong passwords can have words inside (like the famous “correct horse battery staple” example*) but those words should not be semantically related to each other. Easier said than done!
*Note that “correct horse battery staple” is not actually a good password as it has been publicly referenced on the internet for years!
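An added example (not from the original article) that ties these points together: a password can satisfy the sign-up rules quoted at the top and still be unacceptable because it already sits in a leaked list. The leaked list is a small constructed sample, the function names are hypothetical, and the 94-symbol alphabet is an assumption.

```python
import math
import re
import secrets
import string

# Constructed sample of a leaked-password list; real lists hold hundreds of millions of entries.
LEAKED = {"password1!", "P@ssw0rd1!", "qwerty123#", "correct horse battery staple"}

# Assumed alphabet: ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def meets_signup_rules(pw):
    """The three composition rules quoted at the top of the article."""
    return (len(pw) >= 8
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9\s]", pw) is not None)


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of candidates an exhaustive search must cover."""
    return length * math.log2(alphabet_size)


def evaluate(pw, leaked=LEAKED, previously_used=()):
    """Return the reasons to reject pw; an empty list means accept."""
    problems = []
    if pw in leaked:
        problems.append("appears in a leaked-password list")
    if pw in previously_used:
        problems.append("already used on another account")
    if len(pw) < 17:
        problems.append("shorter than the 17 characters the article recommends")
    return problems


def generate(length=17):
    """Random password drawn with the OS CSPRNG, one symbol at a time."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "correct horse battery staple", generate()]:
        print(repr(candidate), meets_signup_rules(candidate), evaluate(candidate))
    print("bits added per extra character:", round(search_space_bits(1), 2))
```

The first candidate passes every composition rule yet is rejected, and the passphrase is rejected despite its length, because both are in the leaked list; only the freshly generated password is accepted.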
Tips for creating a strong, unique password
There are tons of tips and tools available to help you create strong, unique passwords. But here’s our best advice:
If you just need one or a few passwords, use ExpressVPN’s Random Password Generator.
If you need new passwords for all your online accounts, consider getting a password manager. A good password manager will not only help you generate strong, unique passwords for as many logins as you need and store them securely, it will keep them all accessible through a single, primary password (sometimes called a master password).
If you already have a password manager and want to create an ultra-secure primary password, we recommend Diceware. Diceware is especially secure because it operates offline, uses real dice for randomness, and generates an easy-to-remember passphrase.
Make sure your ExpressVPN password is unique!
Are you using a unique password for ExpressVPN? Take this opportunity to do a password security check.
When in doubt, start fresh. Follow this guide to update your ExpressVPN password now.
Comments
I’m so grateful that I have Express VPN. It’s been a long journey for me, and you’ve been there to tackle scams, despite the fact that I didn’t have much knowledge about iPhone or iPad. I learned not to be vulnerable because of my honesty. A million thanks!