NICEVILLE, Fla. — In this week’s It’s Geek to Me, Jeff Werner continues his two-part discussion on good and poor password practices, explaining how modern tools and smarter habits can make your online life far more secure.
Niceville.com Community Partner
Geek Note: Today’s column is the delayed Part Two of the two-part series on good and poor password practices that began two weeks ago. If you missed Part One, click here. That issue covered the dilemma of choosing convenience over security and the common mistake of thinking your password is clever when it’s not. This column picks up where that edition left off.
The third dilemma is one that’s often outside of the control of end users and is imposed by well-meaning IT directors or others responsible for enforcing cybersecurity. Specifically, it is the outdated practice of forced periodic password resets.
Conventional wisdom once held that regularly changing passwords improved security, but experts such as the U.S. National Institute of Standards and Technology (NIST) now advise against it. Requiring users to change passwords frequently encourages predictable sequences like “Pa55w0rd,” “Pa55w0rd1,” and “Pa55w0rd2.”
Rather than improving security, this weakens it and often causes people to write passwords down, creating even greater risk.
Niceville.com Community Partner
Modern password security is less about complexity and more about length and uniqueness. It’s time to embrace passphrases instead of passwords.
The longer the phrase, the harder it is to crack. Forget the short jumbles of random characters and opt for long passphrases—ideally 16 characters or more. A phrase like GeekHouse77BatteryStable is the equivalent of 192-bit encryption and far easier to remember than A1b@%5fT.
Choose random, unrelated words or numbers, and add symbols or spaces if the site allows.
Another essential safeguard is Multi-Factor Authentication (MFA), sometimes called two-factor authentication (2FA). This adds another layer of security beyond your password—something you have, such as a temporary code sent to your phone or generated by an authenticator app.
Even if your password is stolen, MFA prevents access without that second factor. Enable MFA everywhere it’s available, especially for email and banking.
Niceville.com Community Partner
Finally, consider using a password manager. A reputable password manager generates long, unique passwords for each account and stores them securely.
It removes the need to write passwords down or remember dozens of them. Many managers will even alert you if your credentials appear in a data breach. You only need to remember one strong master password to access your vault, making this the safest and most practical way to manage credentials.
There you go, Geeks. Adopt these practices to stay safer online.
To view additional content, comment on articles, or submit a question, visit my website at ItsGeekToMe.co (not .com!)
Jeff Werner, a software engineer based in Niceville, Florida, has been writing his popular “It’s Geek to Me” tech column since 2007. He shares his expertise to help readers solve everyday tech challenges.
