There are a variety of account protection techniques in place working behind-the-scenes to make sure your account is properly authenticated and safe. Outside of these measures we've implemented, you can ensure your account is secure by creating a strong password. Below we break down a few myths around password creation and provide some tips on how to create a strong password.

Requiring a minimum length and certain character combinations guarantees a strong password.

The above metrics are unreliable for measuring password strength. Instead, our system measures the mathematical entropy, or randomness, of passwords and requires that calculation to meet a secure threshold. This calculation is a more accurate measure of how difficult a password is to crack and doesn't permit insecure passwords.

It's appropriate, or even more secure, to limit password length and/or the types of characters it can include.

Although a common practice, arbitrarily limiting passwords to a certain maximum length or restricting what characters/symbols it can include automatically weakens the password. Our system never imposes these limits.

Replacing letters with similar-looking numbers (e.g., 0 for the letter 'o' or 3 for the letter 'e'), and/or spelling words backwards (e.g., the word 'password' becomes 'drowssap'), makes a password harder to crack.

These techniques have negligible effects on the difficulty for computers to crack, yet make it considerably harder for humans to remember. People then often reduce the complexity of the password to compensate for the difficulty in remembering it, resulting in a overall weaker password.

In addition to the above, to create a strong password, avoid using the following:

When creating a password, you could make it stronger by adding a combination of upper and lowercase letters, non-sequential numbers, and special characters. However, the best passwords are phrases—they’re especially easy for humans to remember but very difficult for computers to crack (check out this famous comic to see why). The phrase can include unrelated words, a song lyric, short quote, or something else that is meaningful to you.

Ideally, a password should never be used on more than one website. But, with the plethora of websites and services a person generally uses, remembering all those passwords would be nearly impossible. Therefore, it's best to use a password manager to generate random passwords for each website and store them all securely. We at HOA Express use 1Password, but there are many great options.