Passwords are required for everything you log in to these days: your computer, your bank, your email, and more. It may be tempting to use the same password or a slightly different version of it for multiple sites, but doing so increases your risk of compromising personal and protected information.
Utilizing strong passwords is the first step in improving your security hygiene. Here are a few tips for creating better passwords and managing them effectively.
- Start with a 16-character password. 16 characters is now the standard per NIST as it allows for more complexity. The more difficult your password is, the less likely it is to be cracked by a threat actor.
- Use phrases that only you would remember. Passphrases are easier for you to remember but harder for someone else to crack. For example, use a lyric from a song or a quote from a movie or show. As an example for this blog, we’ll use that famous line from The Godfather: I’m gonna make him an offer he can’t refuse. The passphrase would start as Makehimanofferhecantrefuse.
- Combine upper- and lower-case letters. Using the example above, the passphrase would now look something like this: MakeHimanOfferhecantRefuse. Combining upper- and lower-case letters increases the complexity of the password.
- Use special characters and numbers. Special characters and numbers further increase the complexity of your password. Many password policies require special characters, numbers, and upper- and lower-case letters to maintain password difficulty. Our example password now becomes: M@keH1man0fferh3c@ntR3fus3.
- Employ Two-Factor Authentication or Multi-Factor Authentication. Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) requires the user to verify their identity on an additional device (like a cell phone) before granting access. There are many authentication apps you can use to confirm a user is attempting to log in. This additional layer of security ensures only the authorized user can access the account they are logging into. Google, Microsoft, Amazon and more offer 2FA for users to access their accounts.
- Do not use personal details in your passwords. One of the worst things you can do is provide personal information in your passwords, as it makes it much easier for someone to hack them. When setting up answers to security questions, consider using the incorrect answer. For example, if the security question is “In what city did you marry your spouse?” don’t use the correct one. It’s a good idea to avoid using significant dates (anniversaries, birthdays, etc.) in your passwords as well. If you post photos of your dogs or kids on Facebook and then use those details in your passwords or security questions, you’re essentially providing a road map to your data.
- Utilize a password management system. A password management system, such as LastPass or Bitwarden, is an efficient way to store your passwords for every site you log in to. You just have to remember your master password to access your vault. Additionally, a password management system can auto-generate secure passwords, allowing you to set the parameters for the passwords you want to create. Password management systems also employ 2FA for an added layer of security.
- Create unique passwords for every site. It’s never a good idea to use the same password for more than one site. Doing so opens you up to more risk of being compromised. This is where utilizing a password management system is beneficial as you can create complex and unique passwords for each site and store them in your vault.
- Change your password immediately when you find out your information may have been compromised. https://haveibeenpwned.com/ is the best way to find out if your information has been compromised at any time. You can provide your email address to determine if you have been breached, and if you have, you should change your password immediately.
- Never share your passwords. Sharing your passwords (even with someone you trust) is never a good idea. If the person using that password is hacked, your password is now at risk. Think of your passwords as valuables you would store in a safe. It’s unlikely you’d share what you keep in that safe with anyone, so why would you share your passwords?
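Several of the tips above (length, character mix, no personal details, no reuse) can be checked mechanically. The following Python example is added here and is not from the original post: it audits a candidate password and also catches personal details and reused passwords that are hidden behind character substitutions such as 3 for e. The function names, the substitution table and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 16  # length recommended in the post
# Assumed substitution table: the swaps used in the post's example (@, 1, 0, 3)
# plus a few other common ones, undone before comparing strings.
UNLEET = str.maketrans({"@": "a", "4": "a", "1": "i", "!": "i",
                        "0": "o", "3": "e", "$": "s", "5": "s"})
SIMILARITY_LIMIT = 0.8  # assumed threshold for "slightly different version"


def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(UNLEET)


def audit_password(password, personal_details=(), passwords_in_use=()):
    """Return the list of tips from the post that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not mix upper- and lower-case letters")
    if not re.search(r"[0-9]", password):
        problems.append("contains no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("contains no special character")

    flat = normalize(password)
    # Personal details (names, dates) are matched after normalization, so
    # "R3x" is still recognized as the pet name "Rex".
    tokens = [normalize(re.sub(r"[^A-Za-z0-9]", "", d)) for d in personal_details]
    if any(len(t) >= 3 and t in flat for t in tokens):
        problems.append("contains a personal detail")

    # Reuse check: identical or nearly identical to a password already in use.
    for other in passwords_in_use:
        if SequenceMatcher(None, flat, normalize(other)).ratio() >= SIMILARITY_LIMIT:
            problems.append("same as or a slight variation of a password in use")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample input for illustration only.
    print(audit_password("M@keH1man0fferh3c@ntR3fus3"))
    print(audit_password("R3x!2015", personal_details=["Rex", "06/14/2015"]))
```
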
Creating strong passwords and utilizing them efficiently is a good first step to protecting your data. Tego can help your organization create and enforce good password and other security policies. For more information, contact us today.