Password Safety: The Do’s and Don'ts
With the internet providing ease of access to more and more each day, the number of passwords we’re expected to remember seems to increase exponentially. At the same time, safeguarding your online accounts against unwanted access from potential hackers is essential to online security.
The foundation of internet safety starts with knowing how to best set strong passwords that are memorable AND robust enough to protect your accounts from the outset.
Strong Password Tips
It’s best practice to avoid using simple passwords or easily guessable information (like a pet’s name or your birthday). These details can often be found by a hacker through enough searching on social media or other publicly accessible resources. A weak password can easily be broken by unsophisticated hackers using the right automated tools, giving them unauthorized access to your personal account data.
Find some of the recommended suggestions for strong password creation below.
- Make passwords long
- Make passwords random
- Create a unique “passphrase” made up of an unrelated string of words that you can easily remember to use as a password. Remember NOT to use common clauses or phrases for this approach, no matter how random they may seem.
- Randomly combined strings of letters, numbers, and symbols used as passwords are significantly more difficult for a hacker to guess or for a malware system to “crack”.
- Make passwords unique across accounts
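The passphrase and random-string tips above can be made concrete with a short script. This is an added example, not part of the original article: it picks words and characters with Python's `secrets` module and estimates how hard each result is to guess. The word list is a small constructed sample and the function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample list for illustration only. A real generator should draw
# from a list of thousands of words so that each word adds more entropy.
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dapple", "ember", "fossil", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "marble", "nectar",
    "orbit", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "xylem", "yonder", "zipper", "acorn", "bramble",
    "cobalt", "drizzle", "falcon", "gravel",
]

# Letters, digits and symbols: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def make_passphrase(words=SAMPLE_WORDS, count=5, sep="-"):
    """Join `count` words, each chosen independently by a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def make_password(length=16, alphabet=ALPHABET):
    """Build a random string of letters, digits and symbols."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(pool_size, picks):
    """Entropy in bits when every pick is uniform over `pool_size` options.

    This only holds for machine-random picks. A phrase a person thinks up,
    or a common saying, is far more guessable than the figure suggests.
    """
    return picks * math.log2(pool_size)


def picks_needed(pool_size, target_bits):
    """Smallest number of uniform picks that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    print(make_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits")
    print(make_password(), f"{entropy_bits(len(ALPHABET), 16):.0f} bits")
    # Words needed for 80 bits: 32-word sample list vs. a 7,776-word list.
    print(picks_needed(len(SAMPLE_WORDS), 80), picks_needed(7776, 80))
```

Length and the size of the pool you draw from both raise the entropy figure, which is why a longer passphrase from a large word list can match a shorter string of random symbols.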
Password Assistance
Now that you’re using more unique and complex passwords, remembering them might seem a bit daunting; that’s where Password Managers come in.
A password manager is a simple program that stores your passwords in an encrypted environment, keeping them safe from prying eyes while removing the pressure of remembering every unique password variation. Some password managers can also automatically suggest strong passwords when they recognize that you’re creating a new online login or resetting an existing one, which can help streamline the password creation process as well. Many smartphones now have a password manager built into their standard software, allowing you to move forward with easy password creation and storage without having to download an additional app or browser extension. Check your device’s General Settings to learn more.
MFA and 2FA
Another way to strengthen the security around passwords is to enable Multi-Factor or 2-Factor Authentication (MFA or 2FA). With it enabled, a second piece of information (typically an auto-generated, single-use code) is used in tandem with your password to confirm that you are the intended person trying to access the online account.
Adding extra authentication factors to your online accounts when possible is helpful because, in the event a password does become compromised, a hacker will be unable to access the second piece of information to get into your account. MFA can typically be activated in the “Account Settings” or “Privacy & Security” menus for an account or app. Once activated, you’ll then be able to choose which form of secondary authentication you would prefer.
What to do if you’ve been hacked
- Report the incident in detail to the National Cybersecurity and Infrastructure Security Agency here.
- Reset all other potentially affected passwords. If a company or platform experiences a data breach, they will typically communicate about any suspected secondary breach. Be sure to keep an eye out for their recommendations and to adjust any additional passwords and account credentials accordingly.
Sources: National Cybersecurity Alliance, CISA