8 Password Security Tips: The Only Guide You’ll Ever Need
Passwords are like toothbrushes: Choose a good one, never share it and change it regularly.
Did you know that more than half of data breaches result from weak or stolen passwords? A password may seem like a small security factor, but the majority of the time, it’s the only thing standing between your account and a hacker. This is why it’s essential to take the necessary precautions and craft strong, complex passwords for your online accounts, especially when these accounts hold valuable information.
Password security can seem like a nuisance to some people, but taking the extra steps to ensure your accounts and sensitive information aren’t compromised can save you in the long run. Password security is much like working out: You don’t want to do it, but when you do, you feel stronger and more confident! Take a look at the tips below to start strengthening your password security immediately (you’ll thank us later!).
Tip #1: Don’t Use Personal Information
Keep information like your family members’ names, pets’ names, birth date, personal addresses and phone numbers out of your passwords. These details are usually public and extremely easy for a cybercriminal to find on your social media accounts or on forms that they can get their hands on. Don’t make it easy for them by using easy-to-guess passwords.
Tip #2: Use Different Passwords for Different Accounts
I know what you’re thinking. You have a lot of accounts! That’s a lot of different passwords to keep up with. But, think of it like this: Imagine a hacker cracks your Facebook password. Are you using that same password on any other accounts that a hacker could get into? Oh, you’re using that password on ALL of your other accounts such as your bank account and work accounts? Need I go further?
Studies show that at least 59% of people who are aware of the risk still use the same password on multiple accounts. It may seem inconvenient to take the time to change up these credentials, but it’ll be even more inconvenient when you wake up one day and realize that several of your accounts have been compromised. At the very least, have 3-4 passwords or passphrases that you use for your accounts. It CAN happen to you; don’t ever have the mindset that it couldn’t.
Tip #3: Change Passwords Regularly
While it may be a bit unrealistic to change every password to every one of your accounts on a monthly basis, it is reasonable to change these passwords every few months to a year to ensure the security of your accounts. You should also change your password if any of these situations arise:
- After a service discloses a security incident
- There is evidence of unauthorized access to your account
- There is evidence of an attempt to log in to your account from an unknown location or device
- There is evidence of malware or other compromises of your device
- You shared access to an account with someone who is no longer using the login
- You logged into an account on a shared or public computer
Tip #4: Use a Combination of Characters
We’ve all seen the anticipated and dreaded password requirements when creating a password for a new account: “Passwords must have:
- Eight characters
- One symbol
- One number
- One uppercase
- One lowercase”
But, hey, they wouldn’t just ask you to do this for their amusement. Yeah, the extra steps might be a little frustrating and take a couple more seconds of your time, but doing so adds more variables that can make it much more difficult for hackers to gain access to your account. I don’t know about you, but I would much rather deal with the nuisance of a complex password than the inconvenience of a data breach.
Tip #5: Use Passphrases
A passphrase is pretty self-explanatory. Instead of a string of characters, a passphrase is exactly what it sounds like – a phrase used for a password. For example, someone could use the passphrase “Be the change you want to see in the world.” A passphrase can also contain symbols and doesn’t have to be a proper sentence or grammatically correct; the main point is that a passphrase is:
- Easier to remember – It is always easier to remember a lyric to your favorite song or a memorable quote than it is to remember a string of random symbols.
- Harder to crack than an average password – There are now state-of-the-art hacking tools that are able to crack even the most complex password, but even the most advanced cracking tool won’t be able to guess or pre-compute these passphrases.
Just ensure that your chosen phrase isn’t so common or popular that someone who knows you can easily guess it.
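To put numbers on Tips #4 and #5, the following added example (not part of the original article) counts every password that satisfies the eight-character rule set from Tip #4 and compares it with a passphrase of randomly chosen words. The 7776-word list size and the tiny sample word list are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the Tip #4 requirements (sizes: 26, 26, 10, 32).
CLASS_SIZES = [len(string.ascii_lowercase), len(string.ascii_uppercase),
               len(string.digits), len(string.punctuation)]

def policy_keyspace(length=8):
    """Count strings of `length` that contain at least one character from
    every class, by inclusion-exclusion over the classes left out."""
    n, total = len(CLASS_SIZES), 0
    for mask in range(1 << n):
        left_out = [CLASS_SIZES[i] for i in range(n) if (mask >> i) & 1]
        alphabet = sum(CLASS_SIZES) - sum(left_out)
        total += (-1) ** len(left_out) * alphabet ** length
    return total

def passphrase_keyspace(wordlist_size, words):
    """Number of passphrases when every word is drawn uniformly at random."""
    return wordlist_size ** words

def bits(keyspace):
    """Size of a search space expressed in bits."""
    return math.log2(keyspace)

def random_passphrase(wordlist, words=5, sep=" "):
    """Pick words with the OS CSPRNG; the estimate above only holds for this."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

# Constructed sample list, far too small for real use; a real list would
# have thousands of entries (7776 is the size assumed below).
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord",
                "glacier", "harbor", "ivory", "juniper", "kettle", "lantern"]

if __name__ == "__main__":
    print(f"8-char policy password : {bits(policy_keyspace(8)):.1f} bits")
    for n in (4, 5, 6):
        size = bits(passphrase_keyspace(7776, n))
        print(f"{n} random words of 7776 : {size:.1f} bits")
    print("example:", random_passphrase(SAMPLE_WORDS))
```

These figures apply only when the words are picked at random; a lyric or well-known quote is far easier to guess than its length suggests, which is why the caution above about common phrases matters.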
Tip #6: Use Multi-Factor Authentication (MFA)
There have been many instances where companies could have avoided a breach by using multi-factor authentication (MFA). Multi-factor authentication (sometimes called two-factor authentication) is an increasingly popular security feature that requires more than just your username and password to access your account. After entering your username and password, MFA requires a second piece of information that could be any of the following:
- Something you know: a PIN, password or pattern
- Something you have: an ATM or credit card, mobile phone or security token
- Something you are: a biometric form of authentication, such as your fingerprint, your voice or your face
Multi-factor authentication and two-factor authentication are great ways to keep your passwords strong and essentially safeguard your accounts from potential breaches.
Tip #7: Hide Physical Evidence of Passwords
In an environment where passwords are updated regularly, it might seem convenient to write the current one on a sticky note and put it on a monitor or in an unlocked desk drawer for reference until it changes again. In reality, this could be a massive security hole if someone were to walk into the office space looking for data to steal. Nowadays there are plenty of password management apps that safely store and retrieve your passwords for you. Some good ones are:
Tip #8: Don’t Share Passwords
Whether you like it or not, you are compromising your accounts any and every time you let someone use your credentials. From the moment they have access, you have no idea what they will do with your account details or whom they might share them with. By keeping your information private, you are not only making sure that your personal information is secure, but also saving yourself from potential responsibility for malicious acts someone could commit on your account. If someone were to hack into your account and commit a mischievous act, you could and probably would be held accountable by your superior.
Take these tips into consideration next time you create a new password or change an old one. Taking the extra steps to ensure the strength of your passwords will result in an extra, necessary layer of security for your accounts and your company.