Your clocks aren't the only things worth changing in the fall.
Daylight Saving Time recently ended, and we "fell back" an hour to Standard Time. In addition to changing your clocks and the batteries in your smoke detectors, now is a great time to reset your passwords.
Do you need to change all of them? Not necessarily. You should change any password where you use the same user ID and password across multiple sites, since those sites may not all have the same level of security implemented. For example, if you use the same user ID and password for your gardening forum as you do for your email account, change your email account password to something unique.
You should also change any passwords used on an unfamiliar computer. Did you look up your bank balance while on your friend's computer? Change that password.
Finally, you should change old passwords so they follow better password practices: for example, replace “password123” using some of the password tips below.
The longer the better: A longer password such as “AndTheCowJumpedOverTheMoon” is more resistant to a brute-force cracking attempt than a shorter but more complex password like “MyP@ssw0rd.” Aim for 16 or more characters using multiple words. Avoid using a long single word, as it would be vulnerable to a dictionary attack. Instead, create a memorable phrase or even a nonsense word, as long as you can remember it. You can add numbers and special characters to a longer password for even more security, but added complexity can make it difficult to remember.
Use unique passwords as much as possible: If someone acquired your login and password to one site, what other sites could they log into, and what could they do? Could they make purchases on your credit card? Glean information about you to use as blackmail or harass you? If nothing else, your email password should be unique and not used anywhere else online. Unique passwords should also be used for your bank, any website where you have stored your credit card or bank account information, and sites such as Facebook that have copious amounts of personal information.
Use two-factor authentication where available: Two-factor authentication sounds complicated but is quite simple: When you enter your password into a site that has two-factor authentication enabled, the site asks for a second form of authentication. This usually means a security code is sent by text to your phone or to an alternate email address, and you enter that code to finish logging in. Many major sites now offer this as an opt-in feature.
Use a password manager: Using a password manager eliminates the need to remember your various user IDs and passwords, allowing you to have long, complex, and unique passwords for as many websites and services as you like. Whether you choose a paid or free version, it should support two-factor authentication and, if you ever find yourself logging in from more than one device, sync across multiple devices such as your computer and your phone. Most password managers also offer the ability to designate an emergency contact who will be given your logins and passwords in the event of your incapacitation or death.
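To put numbers on the "longer the better" tip above, here is an added example (not part of the original article) that estimates the brute-force search space for the article's two sample passwords and shows why a long single word is still weak against a dictionary attack. The function names, the 7776-entry wordlist size, and the sample word "incomprehensibility" are assumptions made for illustration.

```python
import math
import string

# Character classes an exhaustive (brute-force) search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Combined size of every character class the password draws from.
    Characters outside the four classes (spaces, non-ASCII) are not counted."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def dictionary_bits(word_count, wordlist_size=7776):
    """log2 of the candidates when guesses are whole words, not characters.
    Assumes each word is chosen at random from a list of wordlist_size
    entries; 7776 is an assumed list size, not a figure from the article."""
    return word_count * math.log2(wordlist_size)

def compare(samples):
    """Return {password: (length, alphabet, brute-force bits)} per sample."""
    return {p: (len(p), alphabet_size(p), round(brute_force_bits(p), 1))
            for p in samples}

if __name__ == "__main__":
    # The two passwords are the article's own examples; the long single
    # word is a constructed sample for the dictionary-attack caveat.
    for pw, (n, alpha, bits) in compare(
            ["AndTheCowJumpedOverTheMoon", "MyP@ssw0rd"]).items():
        print(f"{pw:28} len={n:2} alphabet={alpha:2} brute-force~{bits} bits")
    word = "incomprehensibility"
    print(f"{word}: brute-force~{brute_force_bits(word):.1f} bits, "
          f"but ~{dictionary_bits(1):.1f} bits as one dictionary word")
```

The character-level figure only describes an exhaustive search; the word-level figure is the one that matters once the guesses come from a wordlist, which is why the tip asks for several words rather than one long one.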