Yes Virginia, you do need a password. And because passwords are being cracked by high-end machines running sophisticated password cracking programs, it need to be both long and complex, and ideally, unique to each site or device. How long? At least ten, to maybe as many as fifteen characters is ideal. A six or seven character password can be cracked in hours or days; a password of ten or more characters requires decades or centuries. A strong password cannot be a word that can be found in any dictionary, and uses a mixture of capital and lowercase letters, numbers, and symbols. A simple but memorable way to create unique passwords is to start with a ten character base password that is contained in every password you create, and begin or end the password with something that is easy to remember about the particular site or device. Or you could use a password program such as Keepass.

Many web services are beginning to offer two-factor authentication. If it is available, you should use it. This generally defeats remote attackers. For example, when making certain changes to my Google account, they will send a text message to my cell phone that I need to enter into the web site to confirm my identity and complete the change. As another example, my bank has me enter my user ID on one page, my password on a second page, then answer my secret question on a third, and lastly, shows me an image that I selected when setting up my authentication. The first three steps prove to them that I am legitimate. The last step, the picture, proves to me that they are legitimate. No fake look-alike site is going to know what picture I chose. When you have these sorts of options, I encourage you to take them.

Never give your password out to anyone, even if you called them, and you are pretty sure they are legitimate. With all the call centers in foreign countries, you just never know where that information is going to end up at the end of the day, not that you can trust domestic call center personnel with this information, either.

Using the same password everywhere is a very tempting practice, I’ve known many people who do this.  The problem with using a single password for all those web sites is that if they compromise one account, like an email account, before you know it they are running up charges on your Amazon account, or in your Facebook account, or even your bank account.  The message – do not use one password for all your sites.

Good passwords the best safeguard we have to keep strangers out of our online lives.  Make sure yours is long and complex.  A fun place to test out your password is Passfault.  Test your current password, and then create a new one that will really protect you.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.