In a previous article, we spoke about having your password safe and what makes up a good password. We discussed what makes up an Ugly Password, Bad Password, and a Good Password. In this article, we will be looking at the holistic approach to password protection, not just the specific characters that should be utilized when protecting your password but the mindset and philosophy behind creating a secure password. By the end of this article, you should have a better appreciation for keeping all your systems secure where a password is required.
- Keep the length no less than 12 characters
- Don’t use one password for all your log-ins
- Don’t write them down
- Don’t share your passwords
- Don’t save passwords on devices you do not control
- Change your passwords frequently
- Utilize multi-factor authentication
Keep the length no less than 12 characters
In our previous article, we spoke about how a 10 character password can be cracked in 31.17 days. Having a password that is 12 characters or more ensures that password crackers cannot brute force into your system. Those characters should have at least 1 capitalized letter, 2 digits, and 1 special character like an exclamation mark or an “at” symbol. Special characters are the keys that you have to press shift for access.
If a website has a maximum password length of 12 characters, then that is definitely something for you to be cautious of. You should contact that website and query why that is the case. If they are telling you something along the lines of, a password less than 12 characters is enough security then you should be very cautious about the information you place on such a website.
Don’t use one password for all your log-ins
It is very tempting, once you have attained a strong enough password, that you simply use that password throughout your log-ins. This is a mistake that should be avoided by the end-user. When a password breach occurs and your password is compromised, the hacker now has full access to what could potentially be the master key to all your website log-ins and more.
According to CRN.com in their article “The 10 Biggest Data Breaches Of 2021 (So Far)” stated that More than 98.2 million individuals were impacted by the 10 biggest data breaches in the first half of 2021, with three of the 10 largest breaches occurring at technology companies. One of those companies, for instance, had a data breach where 15.7 million people were affected. The unauthorized user posted the database online which consisted of personal contact information, passwords, and responses to questions users answered about health conditions, political affiliation, and ethnicity.
Now imagine that your password was one of those passwords made available to the World Wide Web. And that same password is what you used for ALL your other accounts. Can you imagine the devastation that can happen with just one data breach on a website that you are signed up to?
Let’s not find ourselves as one of these persons. Don’t use one password for all your log-ins, mix it up a bit so that if one password is compromised then there isn’t access to all your information.
Don’t write them down
Writing down passwords is a habitual practice done by office workers the world over. Persons would write down passwords and stick them on their laptop screen or place it on a page right in front of them. Though it may seem convenient to you as the user, it is a very dangerous practice that could potentially get your system compromised.
If you write your password on your screen, for instance, any passerby can look at your screen and see your system. Putting them in your drawer or under your keyboard is also not safe. There are many times when hackers and persons with malicious intent go through the trash and get passwords, known as dumpster diving, these stories are very real.
Instead of writing down your passwords on paper, you can utilize password managers. Password managers are softwares that stores your username and passwords in an encrypted format. This information is then generated when you are on the URL associated with that username and password and fills these fields on your behalf. When you are signing up to any new website these password managers also generate passwords so you don’t have to guess them.
Don’t share your passwords
This one may seem obvious, but too many times stories of individuals sharing their passwords to a colleague or close friend to get access to some file were the downfall of multi-million dollar organizations.
The methodology used to gain those passwords might not be as simple as sharing them with a friend or family member, but these hackers use social engineering techniques to make one freely give their password credentials to them.
One occasion speaks of a hacker that called an organization and pozed as their Internet Service Provider. The hacker spoke very confidently to the person on the line and said that they wanted to do a security check on their system. The hacker, posing as the ISP, then went on the ask for the password of the individual’s account to prove that they are said person. Unknowingly the person shared their password and now that hacker had full access to the person’s system.
Cases like this happen all the time and in the most unsuspected places, but the important principle here is to not share your password with anyone.
Don’t save passwords on devices you do not control
Most often than not, when you log in to a website for the first time, the website or browser asks to save the password for future use, so that the next time you log in the sign-in process will be easier.
On your personal laptop that feature is all when and good, but on public computers or devices that you do not personally control this is an absolute no-no. It may seem tempting to click on “remember me” especially if it is a device that you are using often, But once you do not have control of said service then it is safer to enter your password manually at every log-in.
The same can be said for the networks that you log in to. If you are on a public network, avoid accessing websites that require you to log in. Hackers could intercept your communication and hijack the data you are inputting on that website. When browsing on public networks it is best to use a VPN, to secure your connection and encrypt any data that might be hijacked on a public network.
Change your passwords frequently
As stated earlier, a password with 10 characters can be hacked in 30 days. Most banks and websites that have very sensitive information require that you change your passwords ever so often. The purpose of this is to give no room to any potential hacker to gain access to a user’s information.
The same can be said for your personal website log-ins. Keep changing your password frequently. How frequent? Well, it depends really. Some services like Google Mail give you an alert when they think your password is being compromised and should be changed. It really boils down to personal preference really. Some persons change their passwords twice a year, others once every 4 months but in either case, the important thing is to keep your data secure in case of a security breach.
Utilize multi-factor authentication
Multi-factor authentication(MFA) is becoming more common when signing up for websites. The most common MFA comes in the form of a code that is sent to your email, phone number, or through a direct call to your mobile phone, along with the password that you’ve entered.
MFA comes in other forms as well like biometrics and security questions but essentially it supplements your password with another method of confirmation before you can access your data.
We discussed 7 tips for keeping your password secure in 2021. We learned to Keep the length no less than 12 characters. Don’t use one password for all your log-ins and Don’t write them down but use password managers instead. We discussed why you should not share your passwords and not save passwords on devices you do not control, finally, we looked at why you should change your passwords frequently and utilize multi-factor authentication