Passwords are a necessity in the digital age. They protect our accounts, our information, and our general privacy. At the same time, remembering multiple passwords for all the websites we use is daunting, and the general recommendations for best practices seem to change all too often. So how are we expected to protect our passwords, and what are those best practices? We’ve compiled a list of password best practices that will give you some basic guidelines to follow so you can keep your accounts and information secure.
A simple password, like 123456, qwerty, Administrator, or MyDogsName1, may be easy to remember, but they’re also frequently used. Because of this, these types of passwords can be hacked within a second. The first step in password security is finding the right password. With the growth of Social Engineering attacks, using easily identifiable personal details may give a hacker a clue to your password. And if you use that password across multiple accounts, you’re putting yourself at even higher risk.
Complexity vs. Length
Using a complex password is an excellent option for keeping your account secure. Using characters to replace letters, and using random strings of numbers and letters makes your password hard to hack. Long passwords leave a lot of uncertainty in what the next key might be. Unfortunately, that also means that passwords like these are difficult to remember. A great option to help you remember a long password is to use passphrases. Avoid using repeating words or meaningful words such as your children’s name that could be easily identified by a quick search of your social media profiles. Add in numbers or random characters that don’t have a personal significance like birthdays or anniversaries. It is generally accepted that a 12-character password with complexity mixed in, such as spaces or intentional misspelling, is the way to go.
If you aren’t sure about what password to use or how to make your existing passwords secure, there is a solution. Password generators use pseudo-random passwords generated from specific ciphers and hash functions. These generators create sequences that are incredibly difficult for bad actors to crack. For instance: &o5z21Uw79c927De. It doesn’t follow a pattern as all characters are randomly generated, and the password is 16 characters long. Many mobile devices like iPhones have a built-in password generator that will suggest a strong password for you on each website or app that requires a login. Passwords like these make it difficult for hackers to use brute force or dictionary tools since there isn’t a specific reference or pattern that can be deciphered.
A good password manager, like LastPass, Dashlane, 1Password, and Remembear, also offer password generators that solve the earlier problem of remembering passwords for you. They act as a virtual safe to store your passwords for each site or application you visit. They are user friendly, have free or paid upgrades, and are available across platforms and devices. You simply have to remember one password to your password manager, simplifying your password storage while allowing you to use a new password for each site or application. Many managers will also allow for teams or family members to access shared vaults, which eliminates the risk of openly sharing passwords by word of mouth or other non-secure methods.
A lot of companies, including the BBB, encourage people to change their passwords frequently. A lot of companies establish policies that require employees to change their passwords often. While that sounds like common sense, problems arise with so many password changes. When companies require frequent password changes, employees tend to go with the simple route so they can get back to work faster. For instance, changing only a single letter or reusing a previous password. LastPass suggests changing passwords only after a data breach, signing in on a public computer, or at one year since your last password change.
If all of this fails and someone steals your password, two-factor authentication is your saving grace. Having this tool is beneficial in three ways: it gives you a warning when someone is trying to get into your account, slows a hacker down, or stops them by locking them out of your account since you hold the authenticator key. Many companies such as Google, Duo and Microsoft offer authenticators. Activate these authenticators everywhere you can to keep your accounts safe.
Password safety is one of the most critically underrated aspects of our lives. We all understand that password protection is essential, but acting on that knowledge is a different matter. Thanks to apps, it’s easier than ever to create and manage passwords and keep them protected.