Password Best Practices: Tips for at Work and Home

by Mark Bonges, Vice President, Application Development | Mar 29, 2017

The average person maintains anywhere from dozens to hundreds of passwords. That seems like a lot until you add up the number of social media sites and discussion forums you visit, along with bank and credit card sites, airline and hotel accounts, media streaming services, web-based email… not to mention the different devices you need to secure, like wireless routers and smartphones.

Managing so many login credentials takes effort, so everyone cuts corners from time to time – whether they use passwords that are easy to remember or the same password across multiple sites.

And that’s where the problems begin.

How cyberthieves use your login credentials

As the number of online accounts grows, so do cyberattacks. But cyberthieves don’t simply steal hundreds of millions of passwords and go on a hacking spree. The overall process is more methodical than that, and it can take years before a login is fully exploited.

Stolen credential databases are usually hashed rather than stored in the clear, so with an almost endless supply of them to choose from, hackers go for the “low-hanging fruit”: the short, common or slightly disguised passwords that crack in seconds. Once a password is recovered, it is tried against other sites where the same person is likely to have reused it.

The takeaway? While there’s nothing you can do to prevent massive online data breaches and theft of your login credentials, you can still minimize your risk after a breach occurs by following a few recommended security practices.

Make passwords complex and long

The strongest passwords contain some combination of complexity and length. “Complexity” has evolved over the years and is defined differently by different websites, but essentially it means a combination of upper- and lowercase letters, numbers, and special characters. Of the two, length matters more: each extra character multiplies the search space, whereas swapping an “a” for an “@” in a word every cracking tool already knows adds almost nothing.

An increasingly common practice is to string several words together to create a passphrase, but be sure to avoid pop song lyrics or famous quotes. Passphrases should be meaningful to you so that you can remember them, but difficult for someone else to guess; picking the words at random, as a password generator does, is the only way to be sure of that.
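The following is an added example, not code from the original post. It puts numbers on the length-versus-complexity point above and on the “low-hanging fruit” problem: it estimates the search space of character-class passwords and of random-word passphrases, turns that into a cracking-time estimate at an assumed guess rate, generates a passphrase with the `secrets` module, and rejects common passwords even when they are disguised with trailing digits or leet substitutions. The wordlist, the common-password list, the 1e10 guesses-per-second rate and the 12-character minimum are all assumptions constructed for the demo.

```python
import math
import secrets

# Constructed stand-in for a Diceware-style wordlist (a real list has 7776 words).
WORDLIST = ["anchor", "basil", "cobalt", "drum", "ember", "falcon", "garnet", "harbor",
            "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orbit", "pebble",
            "quartz", "raven", "saddle", "timber", "umber", "velvet", "walnut", "yarrow"]

# Constructed excerpt of a breached/common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou",
                    "welcome", "monkey", "dragon"}

# Leet substitutions that cracking rule sets undo automatically: @->a $->s 0->o 1->l 3->e 4->a 5->s !->i
LEET = str.maketrans("@$01345!", "asoleasi")


def normalize(pw: str) -> str:
    """Undo the usual 'strengthening' tricks (trailing digits/symbols, leet) before
    checking against the common list, because crackers apply the same rules."""
    return pw.rstrip("0123456789!").lower().translate(LEET)


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must assume for a random password drawn like this one."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII punctuation
    return size


def entropy_bits_random_chars(length: int, charset: int) -> float:
    """Bits of entropy for a password of `length` characters chosen uniformly from `charset`."""
    return length * math.log2(charset)


def entropy_bits_passphrase(n_words: int, wordlist_size: int) -> float:
    """Bits of entropy for `n_words` words chosen uniformly from a list of `wordlist_size`."""
    return n_words * math.log2(wordlist_size)


def crack_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to hit the password after searching half the space.
    1e10/s is an assumed offline rate against a fast, unsalted hash; against a slow
    KDF (bcrypt, scrypt, PBKDF2) the rate is orders of magnitude lower."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def generate_passphrase(n_words: int = 6, wordlist=WORDLIST, sep: str = " ") -> str:
    """Random word selection with a CSPRNG; never with random.choice()."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def check_password(pw: str, min_length: int = 12) -> dict:
    """Policy check: length, disguised common passwords, and an upper-bound entropy
    estimate (human-chosen passwords are far weaker than the bound suggests)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if normalize(pw) in COMMON_PASSWORDS:
        problems.append("a common password in disguise")
    bits = entropy_bits_random_chars(len(pw), charset_size(pw)) if pw else 0.0
    return {"ok": not problems, "problems": problems, "max_bits": bits}


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "password123", "Tr0ub4dor&3"]:
        print(pw, check_password(pw))
    # 8 random chars from all four classes vs. 4 and 6 random Diceware words.
    for label, bits in [("8 chars, 95-symbol alphabet", entropy_bits_random_chars(8, 95)),
                        ("4 Diceware words", entropy_bits_passphrase(4, 7776)),
                        ("6 Diceware words", entropy_bits_passphrase(6, 7776))]:
        print(f"{label}: {bits:.1f} bits, ~{crack_years(bits):.4g} years at 1e10 guesses/s")
    print("generated:", generate_passphrase(6))
```

The estimates show why the passphrase advice works: four random words from a 7776-word list are roughly as strong as eight fully random mixed-class characters, and six words are far beyond either, while still being something a person can type from memory.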

Use caution when managing your passwords

Password management services or “vaults” offer an easy way to store all of your passwords in one place and help you avoid the security risk of using the same password for multiple sites. There are many to choose from, like 1Password and LastPass, and they are recommended by security experts.

If you decide to use this type of service, consider leaving out the passwords that protect your most sensitive data, like your primary email address and bank account. Also note that a centralized set of passwords creates a single point of failure for your digital life. If a hacker breaches your password vault, or steals the encrypted vault file and guesses the master password that unlocks it, they’ll have access to all passwords in the vault. The vault is only as strong as that master password, so make it a long passphrase you use nowhere else, and turn on multi-factor authentication for the vault account itself.
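This is an added example, not code from the original post or from any password manager product. It models, in simplified form, how a vault protects its contents with a key derived from the master password, and then plays the attacker who has stolen the vault file: each guess costs one run of the key-derivation function, nothing rate-limits the attempt, and one hit opens everything. The KDF parameters, the verifier construction (a real vault keeps an authenticated ciphertext rather than a separate verifier) and the attacker’s guess list are assumptions made for the demo.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumed KDF parameters for the demo; real vaults tune these much higher.
ITERATIONS = 100_000


def derive_key(master: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: the only thing standing between the vault file and its contents."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)


def lock_vault(master: str) -> dict:
    """The master password is never stored; only a random salt and a verifier
    (simplification: a real vault stores the entries as authenticated ciphertext)."""
    salt = os.urandom(16)
    key = derive_key(master, salt)
    verifier = hmac.new(key, b"vault-verifier", hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier}


def unlock(vault: dict, master: str) -> bool:
    key = derive_key(master, vault["salt"])
    candidate = hmac.new(key, b"vault-verifier", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, vault["verifier"])


def offline_guess(vault: dict, candidates: Iterable[str]) -> Optional[str]:
    """What an attacker does with a stolen vault file: no lockout, no rate limit,
    just one KDF run per guess, and success yields every password at once."""
    for guess in candidates:
        if unlock(vault, guess):
            return guess
    return None


# Constructed attacker wordlist (real ones hold billions of entries).
GUESSES = ["password", "123456", "letmein", "Summer2017", "Passw0rd!", "qwerty123"]

if __name__ == "__main__":
    weak = lock_vault("Passw0rd!")
    strong = lock_vault("correct horse battery staple")  # four random words
    print("weak vault opened with:", offline_guess(weak, GUESSES))
    print("strong vault opened with:", offline_guess(strong, GUESSES))
```

The slow KDF makes each guess expensive, but it cannot rescue a master password that is on the attacker’s list; that is the single point of failure the paragraph above describes, and the reason the master passphrase should be the longest, most random one you own.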

Set up multi-factor authentication

Beyond passwords, one of the strongest forms of login security available today is multi-factor authentication (also sometimes known as “two-step verification”). It adds an extra layer of protection by requiring a separate login credential, over and above your username and password, that depends on something you have rather than something you know. This credential is typically a temporary numeric code generated on a separate device, like a smartphone running an authenticator app, or sent to it. So, even if a hacker has your username and password, they would still need access to that device to be able to break in.

Many websites offer multi-factor authentication as an option, and it’s a good idea to set this up wherever you can, especially for your email and financial accounts.

Think about what you’re trying to protect

Finally, whenever you go to create a password, think about what you’re trying to protect and what you’re protecting yourself from. Don’t skimp on security when it comes to your most sensitive data. Ensure that your critical passwords are unique and difficult to break, omit them from your password vault if you use one, take advantage of multi-factor authentication, and change them promptly whenever a service you use reports a breach. Calendar reminders to change passwords help only if each new password is just as strong and not a predictable variation of the old one, such as the same word with the next number on the end.

Cybercrime is constantly evolving as the Internet evolves, and no form of security is ever 100% bulletproof. Strong passwords should be only one part of a multifaceted and ongoing security plan. Keep an eye on the trends and be proactive – it’s your best line of defense.