Passwords are the keys and locks to everything in our digital lives, which is why it is so important that they are strong and safe. However, password strength is still an ongoing problem, with many people using weak or common passwords and using the same password for multiple accounts.
Here at SecureTeam, we have extensive experience working as cybersecurity consultants and have decided to pull together all of our knowledge to help you set strong passwords and manage them securely in a single, easy to use guide.
How Weak Passwords Can Compromise Your Data
The first question you should ask yourself is, how many online accounts do I have? The answer is likely to be over 100 once you count all of your social media, email accounts, streaming and banking apps. If your password is weak and compromised, it can lead to all sorts of problems, such as data breaches or even identity theft.
With over 555 million stolen passwords available on the Dark Web, it is essential that you follow some common password best practices to minimize the risk of your data being exposed. Here are 8 steps that we recommend to keep your passwords strong and secure.
Use Longer Passwords
When it comes to having a secure password, having a longer password length is often more effective than complex passwords. You should be using a password that has a minimum of 12 characters. In fact, a longer password that only consists of lower-case letters can be more secure than the perfect combination of alphanumeric gibberish that is only six characters long.
Usually, just two additional characters can make up for a lack of special symbols, numbers and upper-case letters in your password. Of course, a password with over 12 characters AND symbols, numbers and a mix of upper and lower-case letters makes it that much harder to attack via brute-force methods.
Avoid Common Words & Phrases
As we mentioned above, it is still important to mix up the content of your password. 111111111111 might have 12 characters, but that password length will yield diminishing returns thanks to its simplicity. Longer passwords that are based on simple patterns will put you in just as much risk.
Avoid using common words (also known as dictionary words) like “password”, passphrases like “mypassword” and predictable character sequences like “qwerty” or “asdfg”. This protects you from a “dictionary attack” which attacks users’ passwords by testing for real words very quickly in the hope of getting lucky.
In addition, avoid common sports and pop culture terms. Also, avoid using your name, nickname or anything associated with you that could be found out from your social media. The goal, after all, is to create a password that someone else won’t be able to easily guess.
Don’t Bunch Your Special Characters Together
Many sites now require you to use passwords with a combination of uppercase and lowercase letters, numbers and symbols, which protects you from dictionary attacks. However, it is important that you keep them separated throughout the password.
For example, many people put their capital letter at the beginning of the password and the numbers and symbols at the end. But this gives you very little benefit and makes your password more predictable. Spread the symbols, numbers and capital letters throughout your password.
Don’t Use The Same Password For Different Accounts
With so many sites and online accounts out there, it is understandable that you may try and reuse the same password, or a variation of it, for different sites. But that is one of the biggest mistakes you can use. The problem is what happens if one of those sites is hacked? Your passwords are only as secure as the sites you use them on. All it takes is one online account to be compromised and the password for all your online accounts are in enemy hands.
Limit the potential fallout by using unique passwords everywhere. It is imperative that you don’t use the same password for your online banking as you do for a sketchy one-off site. It might be more challenging to remember all of these different passwords, but the added security and peace of mind is well worth it.
Avoid Changing Your Password Often
There has been a lot of conflicting advice around how often you should change your password. As counterintuitive as it sounds, you shouldn’t change your passwords every month. And, if you are an office IT admin, don’t force your employees to create a new password every month either.
It is far better to have strong password policies that require longer passwords with a mix of cases, numbers and symbols than changing them every month or two. This encourages workers to create a strong password that they remember rather than using a simple password with an incrementing number at the end every time they have to reset it.
The future of cybersecurity is less with passwords and more with multi-factor authentication. Increasingly, this is becoming the second step users are asked to take after entering a username and password. This can be entering a specific code, that is sent via text message or email, or a push notification sent to a specific device which you can then accept to authenticate.
Two-factor authentication means that if your password is hacked or stolen, you can still prevent them from accessing your account. While the text message is a common and convenient way to receive login-codes, it is simple enough for a hacker to steal your phone number through SIM swap fraud and intercept your code. Instead, make use of an authentication app, such as those provided by Google or Microsoft.
Check If Your Password Is Safe
Whether it is from a data breach or a malicious hack, you can’t always stop your password from being stolen. However, you can find out if your account has been compromised at any time. Both Firefox Monitor and Google’s Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action.
In addition, Have I Been Pwned is a website that you can also use to check if your email and passwords have been exposed. If you discover that you have been hacked, act quickly to secure yourself.
Use A Password Manager
With all these rules about password lengths, complexity and not using the same password twice, it can be difficult to remember them all. This is where password managers come in. Password management sites & apps, like LastPass, 1Password & Google’s Chrome Password Manager, store passwords to your different accounts on both your desktop and phone and require only a master password or biometrics to log into your user account.
Not only do password managers remove the need to remember all your passwords, but will also provide a password generator to create lengthy, random passwords for you to use. All you have to remember then is the master password (which should be as strong as possible).
When it comes to password security, being proactive is your best protection. While new and exciting technology, like biometric logins, are beginning to be used increasingly, we are still relying on passwords as the most common method of authentication. Password security is essential, not just to your own cyber security, but also to the entire internet.
If you are concerned about your business’ cyber security then get in touch with the cyber security experts by phone today on 0203 88 020 88 or fill in our contact form and we’ll be in touch with you shortly.