9 Rules to Follow for a Strong and Secure Password
A world without passwords may arrive sooner rather than later, but for now passwords are a common part of our daily routine. Until (and if) the day comes when passwords are a thing of the past, it is worth taking measures to make them as strong and secure as we can.
A strong password is essential to online security, and you should use a unique one for every account. It is tempting to reuse the same password everywhere, but it is a bad habit: if one site leaks that password, every account that shares it is exposed.
Here are 9 ways you can ensure the strength and security of your passwords.
Use a Password Manager
Strong passwords are longer than eight characters, hard to guess, and mix letters, numbers and symbols. The strongest passwords are also the hardest to remember, especially when you use a different login for every account, as recommended. This is where a password manager makes your life a lot easier.
A trusted password manager such as 1Password or Bitwarden can generate and store strong, unique passwords for you, and will sync them across platforms.
The one password you still have to remember is the master password for the manager itself, so make it long and hard to guess (a randomly generated multi-word passphrase is a good choice), and turn on two-factor authentication for the manager where it is offered.
Write Down your Login Credentials
Wait, what? Did we really just say WRITE DOWN your credentials? This goes against everything we’ve been taught about password security in the past. But password managers aren’t for everyone, and some leading experts actually recommend this and see it as a viable way to track your credentials.
We don’t mean writing your credentials in a Word document or a Google Sheet. We mean old school pen to paper.
Of course, someone could break into your home and walk away with the credentials to your entire life, but that is a lot less likely than having them stolen from a cloud spreadsheet.
If you do decide that writing down your logins is a viable way to track your credentials, keep the paper locked in a desk drawer or cabinet and out of sight, and limit the number of people who know where it is.
Discover if your Password has been Stolen
Despite your best efforts, you cannot always prevent your passwords from leaking. If a service you use suffers a data breach, there is little you can do to stop your password from being exposed along with everyone else’s. But you can check for signs that your credentials have been compromised.
Services like Mozilla’s Firefox Monitor or Google’s Password Checkup can show you which of your email addresses and passwords have appeared in a known data breach so you can change them. The website Have I Been Pwned offers the same lookup, and its Pwned Passwords service lets you check a password without sending it: only the first five characters of the password’s SHA-1 hash leave your machine.
Avoid Common Words and Phrases
When creating a password, avoid any variation of words or characters that someone might be able to guess about you. It should not need to be said, but also avoid common sequences like “Password” or “1234”.
Other things to avoid in a password include your name, nickname, pet’s name, birthday or street name. Avoid any identifier that someone, especially someone who knows you or has chatted with you, could use to get into your accounts.
Longer Passwords are Better
Eight characters is the minimum length to start from, but the longer the password, the better.
The Electronic Frontier Foundation, security expert Brian Krebs, and many others advise using a passphrase made up of three or four random words for added security.
A passphrase of unconnected words, or a password of completely random characters, is best, but hard to remember, which is another argument for a password manager. The words must actually be picked at random (with dice or a generator), not chosen by you, because human word choices are far more predictable than uniform selection from a wordlist.
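The generator below is an added example, not code from the original article or from any of the tools it names. It covers two points made above: the random-character passwords a password manager generates, and the random-word passphrase the EFF and others recommend. It draws every choice from the operating system’s CSPRNG (`secrets`) and reports how many bits of entropy each style yields. The wordlist embedded here is a constructed 16-word stand-in; `EFF_LONG_LIST_SIZE` is the size of the real EFF long wordlist, which the example assumes you would load from a file in practice.

```python
import math
import secrets
import string

# Constructed mini wordlist standing in for a real diceware list. Assumption:
# in practice you load the full EFF long list (7776 words) from a file.
SAMPLE_WORDLIST = [
    "acorn", "basil", "cobalt", "dune", "ember", "fjord", "gravel", "helix",
    "ingot", "juniper", "kelp", "lantern", "marble", "nickel", "orbit", "pine",
]
EFF_LONG_LIST_SIZE = 7776
# Printable ASCII minus space: 52 letters + 10 digits + 32 symbols = 94 choices.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Password of `length` characters drawn uniformly with the OS CSPRNG."""
    if length < 8:
        raise ValueError("eight characters is a floor, not a target")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 4, wordlist=SAMPLE_WORDLIST, sep: str = "-") -> str:
    """Passphrase of `words` words picked uniformly (with replacement) from `wordlist`.

    The strength comes from the random selection, not from the words
    themselves: a phrase you pick yourself is far more predictable.
    """
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform selections from `choices` options."""
    return picks * math.log2(choices)


def compare(password_len: int = 8, words: int = 4) -> dict:
    """Bits of entropy for a random-character password versus an EFF-list passphrase."""
    return {
        "random_chars": round(entropy_bits(len(PRINTABLE), password_len), 1),
        "eff_passphrase": round(entropy_bits(EFF_LONG_LIST_SIZE, words), 1),
    }


if __name__ == "__main__":
    print(random_password())
    print(random_passphrase())
    # Four EFF words (about 51.7 bits) roughly match eight random printable
    # characters (about 52.4 bits), and are far easier to type and remember.
    print(compare())
```

The comparison is the practical takeaway: four words from a 7776-word list carry about the same entropy as eight fully random printable characters, and each extra word adds roughly 12.9 bits. Note that `secrets.choice` over the full wordlist is what makes the phrase uniform; `random.choice` is not suitable for this purpose.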
Don’t Recycle Passwords
It is not a good idea to recycle passwords. If someone uncovers a password you reuse on multiple platforms, you could be in for a world of hurt. By choosing a unique password for each account, an attacker who cracks one account cannot use that password to open the rest.
Avoid Using Passwords you know are Stolen
You may not realize it when choosing a password, but the one you are about to pick may already have been stolen from someone else. Attackers feed lists of previously leaked passwords into dictionary and credential stuffing attacks, so a password that appears in a breach dump is effectively public even if it was never yours.
Before you commit to a password, check whether it has appeared in a known breach using the Pwned Passwords search at Have I Been Pwned.
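As an added example (not code from the article, from CNET or from Have I Been Pwned), here is how the Pwned Passwords check works under the hood, covering both the “has my password leaked” check above and the “don’t pick a known-stolen password” check here. The client hashes the password with SHA-1, sends only the first five hex characters to `https://api.pwnedpasswords.com/range/<prefix>`, and matches the remaining 35 characters locally against the bucket the server returns, so the server never learns the password. The `FAKE_RANGE_5BAA6` reply is constructed so the example runs offline; `fetch_range` is the real network call for when you want to query the live service.

```python
import hashlib
import urllib.request
from typing import Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the server and the 35-char suffix that never leaves
    the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a range reply ("SUFFIX:COUNT" per line) and return how many times
    the password was seen in breaches, or 0 if the suffix is absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        seen_suffix, _, count = line.partition(":")
        if seen_suffix.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live network call: fetch every suffix in one prefix bucket. Only the
    5-char prefix is transmitted. Add-Padding asks the service to pad the
    reply so bucket size does not leak which prefix was requested."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def is_pwned(password: str, fetch=fetch_range) -> int:
    """Return the breach count for `password` (0 means not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch(prefix))


# Constructed stand-in for the server's reply to /range/5BAA6 so the example
# runs offline; a real bucket holds several hundred lines and real counts.
FAKE_RANGE_5BAA6 = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"  # SHA-1 suffix of "password"
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "012C192B2F16F82EA0EB9EF18D9D539B0DD:1\r\n"
)


def check_offline(password: str) -> int:
    """Run the k-anonymity check against the constructed bucket above."""
    return is_pwned(password, fetch=lambda p: FAKE_RANGE_5BAA6 if p == "5BAA6" else "")


if __name__ == "__main__":
    for candidate in ("password", "correct-horse-battery-staple-9QxT"):
        print(candidate, "->", check_offline(candidate), "breach occurrences")
```

Any non-zero count means the password is in attackers’ wordlists and should not be used, whatever its length or complexity. If you wire this into a signup or password-change form, run it server-side with the live `fetch_range` and reject matches; the service only ever sees the five-character prefix.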
Don’t Periodically Change your Password
For years it was accepted practice to change your password every 60 or 90 days, on the theory that this was roughly how long it took an attacker to crack one.
Microsoft now recommends that there is no need to change a password unless you suspect it has been compromised, and NIST’s current guidance (SP 800-63B) says the same. The reason for the change of heart: forced rotation led users to pick weaker, more predictable passwords (often the old one with a digit bumped), which made accounts easier, not harder, to compromise.
Use Two-Factor Authentication… but Avoid Text Message Codes
Even if an attacker discovers your password, two-factor authentication can stop them from getting into your account. Two-factor authentication is a safeguard that requires a second piece of information that only you have before the app or service logs you in.
If an attacker does uncover your password, then without your trusted device (such as your phone) and the verification code that proves it’s you, they won’t be able to access your account.
While it’s common to receive these codes by text message (or a voice call to a landline), an attacker can take over your phone number through SIM swap fraud and receive your security code instead of you.
A safer way to get verification codes is an authenticator app such as Authy, Google Authenticator or Microsoft Authenticator. These apps compute each code locally from a secret shared with the service when you enrolled and the current time, so nothing is sent to your phone number and a SIM swap gains the attacker nothing. Keep in mind that a code you type can still be captured by a fake login page; a hardware security key, where the service supports one, closes that gap as well.
When it comes to password security, your best protection is being proactive.
Story via CNET.com