Passwords: Barriers to Entry
Why Your Password Strategy is Broken
If you're like most people, you probably have one "good" password that you use everywhere, maybe with slight variations. When one account gets compromised, hackers don't stop there. They'll try your email and password combination on hundreds of other sites. One breach becomes dozens of compromised accounts.
Stop using personal information (names, birthdays, pet names) and simple patterns like "Password123", and never reuse passwords.
What Actually Makes a Strong Password
Forget everything you think you know about password requirements. Length beats complexity. A 20-character password with just letters is stronger than an 8-character password with symbols. Every account needs a completely different password. No dictionary words, no personal information, no patterns.
Good examples: "CorrectHorseBatteryStaple" or "PurpleElephantDancing42". Bad examples: "password123" or "MyDogRex2023!".
Password Managers
"I can't remember hundreds of unique passwords!" You're absolutely right, and that's exactly why password managers exist. One master password unlocks everything, generates unique passwords for each account, auto-fills login forms, and syncs across all your devices.
Two-Factor Authentication
Even with a strong, unique password, you're still vulnerable if that password gets compromised. Two-factor authentication adds a second layer of security, something you have (like your phone) in addition to something you know (your password).
SMS text messages are easy to set up but can be intercepted. Authenticator apps (Google Authenticator, Microsoft Authenticator, Duo, etc.) are more secure and work offline. Hardware security keys are the most secure but cost money. For most people, authenticator apps are the sweet spot.