Often, your password is the only thing standing between your private data and a hacker’s prying eyes. Secure password practices are one of the best ways to protect yourself online. Poor password practices leave you vulnerable to devastating cyber attacks. Read on to learn password security best practices, as well as the habits that leave you exposed.
Characteristics of a Strong Password:
- It uses uppercase and lowercase letters, numbers, and special characters
- It’s long
- It’s not used for any other accounts or sites
- It’s not written down anywhere, such as on a notepad in your desk
- It isn’t shared with anyone else
- You’ve never used it before (this includes any variations)
- It does not include data such as birthdays, anniversaries, or answers to security questions
By creating passwords that include the characteristics above, you make it much more difficult for someone to guess your password. You also greatly increase the amount of time it would take for a password cracking algorithm to use brute force to work out the correct password to access your accounts. Tools such as How Secure Is My Password? show you the amount of time it would take a computer to crack your password. The longer and more unique your password is, the less likely a hacker would be willing to spend time cracking it. They will move on to easier prey.
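As an added illustration (not code from this article), the Python sketch below checks a candidate password against the checklist above and estimates the worst-case brute-force time. The 12-character minimum, the guess rate, and the function names are assumptions chosen for the example.

```python
import string

MIN_LENGTH = 12          # assumption: the article only says "long"
GUESSES_PER_SEC = 1e10   # assumption: real cracking rates vary widely

def _stem(pw):
    """Lowercase and drop digits/symbols so 'Summer2022!' matches 'summer2021'."""
    return "".join(c for c in pw.lower() if c.isalpha())

def audit_password(candidate, previous=(), personal=()):
    """Return the checklist items the candidate fails (empty list = passes)."""
    failures = []
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in candidate) for cls in classes):
        failures.append("missing a character class")
    if len(candidate) < MIN_LENGTH:
        failures.append("too short")
    stem = _stem(candidate)
    if any(candidate == old or (stem and stem == _stem(old)) for old in previous):
        failures.append("reused or a variation of an earlier password")
    lowered = candidate.lower()
    if any(item.lower() in lowered for item in personal if item):
        failures.append("contains personal data")
    return failures

def bruteforce_years(candidate, rate=GUESSES_PER_SEC):
    """Worst-case years to try every string of this length and alphabet."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in pools
                   if any(c in chars for c in candidate))
    if alphabet == 0:
        return 0.0
    seconds = alphabet ** len(candidate) / rate
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ("Summer2022!", "t7#Vq9!mZp2$Lw"):
        print(pw, audit_password(pw, previous=["summer2021"], personal=["1987"]),
              f"{bruteforce_years(pw):.3g} years")
```

The brute-force figure is an upper bound for exhaustive search only. Guessing based on common words, old passwords, or personal details succeeds far sooner, which is why the reuse and personal-data checks matter as much as length.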
Avoid Poor Password Hygiene
You might be wondering why you can’t just use one strong password for the majority of your online accounts. If someone figures out this password, they would then have access to all the accounts using that password.
The biggest complaint users have is that it is hard to keep track of all their passwords, especially when they are long and randomized. Your passwords should not be written down in a notebook, and they should also not be stored in a document in the cloud or on your computer. Passwords need to be encrypted when you store them. It can also be tempting to share passwords within your organization, and people even do this via email! These poor password habits put your organization at risk. So, how can you alleviate these risks?
Eliminate poor password hygiene with the following tips.
Use a Password Manager
Password managers store all your passwords safely with two-factor authentication and can also generate secure passwords for you. We recommend encrypting your passwords with a manager such as LastPass, Dashlane, or Apple Keychain. Most password managers have free services for certain feature sets, making them very accessible to the average user.
Avoid Phishing Attacks
Phishing attacks often come in the form of an email. In some cases, these emails seem to come from a trusted source and ask you for login information in a way that seems urgent. If you receive an email asking you for login information, do not give it or click any links. Instead, go to the real company’s secure website and enter the necessary information if it is truly needed. Learn more about how to spot and avoid phishing attacks by reading this blog.
Use Two-Factor Authentication
In all instances where you have the opportunity to set up two-factor authentication for a login, you should. Two-factor authentication uses your password in tandem with either a code that gets sent to your phone or email or with biometric data. Two-factor authentication prevents someone who discovers your password from successfully logging in.
By following these recommendations for strong password practices, and avoiding the aforementioned vulnerabilities, you increase the chance that hackers will give up on you and move on to target lower-hanging fruit. Remember, these are all security measures, not a failsafe. We advise training employees in good password hygiene, as it only takes one weak link to compromise your entire organization. Weak passwords are not the only cybersecurity threat. Find out the most common cyber threats in 2022 by reading our blog.