• Susan Snedaker

I Can Guess Your Password

October is cybersecurity month, so let's take a moment to talk about passwords.


Many security experts insist passwords are dead. I won't jump into that argument at the moment. The fact is that passwords are used in almost every business in the world as a first line of defense in keeping unauthorized users out of their systems.

Since passwords are not likely to go away any time soon, let's take a moment to talk about what makes a strong password.


Most organizations require passwords to be complex (upper and lower case, numbers, symbols), but users are creative and come up with passwords that meet complexity requirements and are still very easy to hack. Like these:

Spring2021?

LetMeIn!

Password1234.

These are examples of passwords that are very commonly used and easily guessed. In fact, there are lists on the Internet of millions of passwords, some commonly used and some stolen. So, your password may be easily hacked, which makes it completely useless.


The image below shows the approximate amount of time it takes an attacker to crack various types of passwords and provides guidance on what a good, uncrackable passphrase might look like.

Instead, think of using a passphrase. A passphrase is longer, but you can make it something you can easily remember.


Things like:

Mountain photos - Christmas 2016

Milk Butter Eggs 2? Flour Salt
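
For administrators who set password policy, the check below is an added example (not from the original post) showing how the three weak passwords above pass a typical complexity rule yet are caught by a simple guessability screen, while the two passphrases are not flagged. The policy of "8 characters and 3 of 4 character classes", the tiny word lists, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample lists for illustration; a real check would load a large
# list of common and breached passwords instead.
COMMON_BASES = {"password", "letmein", "welcome", "qwerty", "admin"}
CALENDAR_WORDS = {"spring", "summer", "autumn", "fall", "winter", "january",
                  "february", "march", "april", "may", "june", "july", "august",
                  "september", "october", "november", "december"}


def meets_complexity(pw, min_len=8, min_classes=3):
    """Assumed policy: minimum length plus 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() and not c.isspace() for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= min_classes


def guessable_reason(pw):
    """Return why a password is predictable, or None if no rule matched."""
    lowered = pw.lower()
    base = re.sub(r"[^a-z]+$", "", lowered)   # drop trailing digits/symbols
    suffix = lowered[len(base):]
    if base in COMMON_BASES:
        return "common word with digits or symbols appended"
    if base in CALENDAR_WORDS and re.fullmatch(r"(?:19|20)?\d\d\W*", suffix):
        return "season or month followed by a year"
    return None


def review(pw):
    """Pair the policy verdict with the guessability verdict."""
    return meets_complexity(pw), guessable_reason(pw)


if __name__ == "__main__":
    samples = ["Spring2021?", "LetMeIn!", "Password1234.",
               "Mountain photos - Christmas 2016",
               "Milk Butter Eggs 2? Flour Salt"]
    for pw in samples:
        ok, reason = review(pw)
        print(f"{pw!r}: complexity={'pass' if ok else 'fail'}, "
              f"flag={reason or 'none'}")
```

A result of "none" only means these two rules did not match; it is not a measurement of strength.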


Choose a strong passphrase, use different ones for different accounts, and change them from time to time.

Don't use the same password for your important accounts. If one gets hacked, all your accounts could be hacked.


Put a reminder in your calendar for 90 or 180 days and change your passwords to your bank account, your mortgage account, your retirement account, your credit card company, and any other account you really want to keep the bad guys out of.


Happy Cybersecurity Month and stay safe!


