How many times a day do you type in a password? Probably a lot. Like, a lot a lot. Enough to do it on autopilot at this point, right?
Well, it’s time to turn that autopilot off and give your passwords a long, hard look because this month, we’re taking a magnifying glass to them. Strong passwords are well-kept secrets that play a crucial role in laying the foundation for solid cybersecurity in our everyday lives. It’s time to start setting our passwords up for success. Start with these tips for better, more secure (and easier to remember) passwords.
Statistically, you probably reuse your password - and reuse it a lot. You most likely even know that you shouldn’t but do it anyway. Here’s why that’s such a bad idea.
Websites are breached all the time and cybercriminals often walk away with a long list of usernames, passwords or both. With the average user owning over 90 accounts, the reality is that it’s unlikely you don’t have any compromised accounts. Even if you are so lucky, it’s only a matter of time.
When a cybercriminal gets your email and password, one of the first things they’ll do is try it out on other websites to see if the account owner has reused the password on any accounts with sensitive information. If your password is widely-used, there’s a good chance it’s up for sale on the dark web. When every password that you use is unique, however, you drastically mitigate the damage of a compromise. A cybercriminal who hacks into a small internet forum you frequent won’t be able to use your password from that account to also access your bank account, credit monitoring service, or any website that has saved your credit card information.
Alright, so a password needs to be unique...but what else?
There’s not necessarily a magic number when it comes to password length, but longer is stronger! It’s recommended that you aim for at least 10-12 characters. Your password, of course, should include numbers, letters, and special characters. We love a good exclamation point as much as the next overly-friendly coworker, but it’s pretty predictable as far as special characters are concerned; try incorporating spaces into your passwords instead.
Lay Password123 to Rest
No, “abc123” isn’t an original password, and neither is “qwerty,” “iloveyou,” or “letmein.” Year after year, these kinds of passwords end up on “Worst Password” lists. Steer clear of cliches and come up with something a little more creative. Not only will an original password make you more cybersecure - it’ll sprinkle a little fun into your daily life. Gotta love it.
Speaking of making your passwords more secure AND more fun, have you ever heard of a passphrase? Passphrases can be movie quotes, song lyrics, inside jokes - anything, really! This is a great way to come up with a long, original password that incorporates spaces and stays easy to remember. Knock it off with the passwords that look something like ‘random___word!83752983457;” you aren’t going to remember that.
If you’re thinking “there’s no heckin’ way I can remember strong, unique passwords for every single one of my accounts even if I use passphrases,” then cool your jets. I’ve got you. Introducing: the password manager.
Password managers are applications that will store login credentials for every single one of your accounts. All you have to do is remember one strong master password to open your password manager’s vault. Once you’re logged in, the manager can fill your username and password into each website so you never have to type a thing. Your password stays encrypted, which means sneaky cybercriminals won’t be able to see it.
Popular password managers include (but are not limited to) 1Password, LastPass, NordPass, and Dashlane. Check to see if your organization uses an approved password manager. For personal use, do yourself a favor and download a password manager right now. It will save you time typing passwords, energy remembering a bunch of different passwords, and the headache of having to reset your passwords when you inevitably do forget.
We all do better with a little support, don’t we? Your password is the same. Here are some ways you can send in a little backup.
Security questions probably aren’t a foreign concept to you; plenty of websites use them to verify your identity in the case that you forget your password. How do you go about picking which available security questions you’ll use? Unfortunately, many websites will offer questions with answers that are easily found by doing a little bit of internet recon on you. Your spouse’s middle name can probably be found online, as can your mother’s maiden name. Even your favorite place to eat, your favorite color, and the name of the town where you were born can likely be deduced from a little good, old-fashioned social media stalking. Be sure to pick questions with answers that can’t reasonably be discovered by a glance through your Facebook, LinkedIn, etc.
Multi Factor Authentication (MFA) verifies your identity in more than one way. It combines something you know (usually your password) with something that you have (such as a phone number) and/or something that you are (like a fingerprint). Setting up MFA makes it much more difficult for a cybercriminal to get into your account; a lonely password is much easier to compromise than a password backed up by a second factor. You can use MFA through a text message, code-generating app, or physical token. Text messages are the least secure way to MFA, so if you’re given an option when setting up MFA for your account, save texts as your last choice.
The Big Deal With Sharing Passwords
Look, I get it. You’ve been told not to share your password a million times, but when your BFF Jill asks for your Netflix password, you think “it’s fine, I trust Jill.” Here’s the thing: Jill doesn’t have to be untrustworthy for it to be a bad idea to share your password with her.
When you share your password with someone, you’re making yourself vulnerable to a second, completely different set of cybersecurity risks that you no longer have any control over protecting against. Any bad cybersecurity habits that your friend, family member, or coworker has are now putting your account at risk. Even if Jill or Jack or whoever else would never share your password with someone intentionally, they may still be exposing you to vulnerabilities.
Listen, I get it. I know that many of you are still going to share your Netflix password. While it’s still more secure to keep your passwords to yourself 100% of the time, if you’re going to accept the risks of password sharing, there are still ways to protect yourself. Make sure that the shared password is completely different than any other password you have ever used, and adjust your account settings to ensure that you’ll receive a notification email if someone tries to log in to your account. If a login is attempted from a location you don’t recognize, change the password to force anyone who has gotten into the account to log in again. Alternatively, if you and your friend both use a password manager, you can grant your friend the ability to use your credentials to log in without them actually seeing what the password is.
In conclusion, don’t share passwords - but if you take the risk and do it anyway, be smart about it.
Only you can give your passwords the care they need to be big and strong. You are your own best protection against cyber threats. Download a password manager, get rid of those old passwords you’ve used over and over again, and have a little fun replacing them with passphrases that suit your fancy.
Cybersecurity Games To Make Your Employees Cyber Aware
7 Min Read
6 Metrics to Track in Your Cybersecurity Awareness Training Campaign
5 Min Read
Know how to calculate your ROSI - Return On Security Investment?
3 Min Read
#1 Tool for Planning Security Awareness Success This Year
1 Min Read
Subscribe To Learn How To Prevent Cybersecurity Breaches