Managing Your Passwords: Improve Your Cybersecurity With These 8 Vital Password Tips
Yet, password best practices are still not followed – and it shows. With 80% of data breaches being linked to weak passwords, it’s time to brush up on your password-setting routines.
Let’s go through 8 password setting tips and best practices to keep you and your employees safe from cyber attackers.
1. Use a Long Password
As a rule of thumb, the longer the password, the more secure. And the numbers don’t lie:
A 12-character password with uppercase characters, lowercase characters, symbols (!, @, #, etc.), and numbers takes 62 trillion more attempts to crack than a simple 6-character password with only lowercase letters.
2. Never Use Personal Information
Using personal information such as your name, children’s names, or birthdays is bad practice. Yes, it makes passwords much easier for you to remember, but this information can often be found online and used by cybercriminals to gain unauthorized access to your system and accounts.
When you are next creating a password, think of something specific yet random:
- A news headline that caught your attention that day
- The menu item that you ate at a restaurant earlier
- The song title and artist currently playing on the radio
3. Swap Letters With Punctuation and Numbers
Swapping letters with numbers and punctuation increases your security in two ways.
Firstly, it significantly increases the number of attempts it would take to crack your password, because adding numbers and punctuation enlarges the pool of options hackers have to go through.
Secondly, if a potential intruder knew your password only verbally, they still wouldn’t be able to gain access because of the changed spelling.
Some examples of swaps could be:
- a can be swapped with @
- i can be swapped with !
- s can be swapped with 5
- t can be swapped with +
- o can be swapped with 0
- e can be swapped with 3
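The check below is an added example, not part of the original article: it estimates the search space discussed in tip 1 and undoes the swaps listed above before comparing against a denylist, so a common word with swapped letters is still caught when a password is created. The denylist, the 12-character minimum, and all function names are assumptions made for the illustration.

```python
import math
import string

# Swap table from tip 3, reversed (symbol -> letter).
UNSWAP = str.maketrans({"@": "a", "!": "i", "5": "s", "+": "t", "0": "o", "3": "e"})

# Constructed sample denylist (assumption); a real deployment would load a
# large list of common and previously breached passwords.
DENYLIST = {"password", "letmein", "sunshine", "football", "welcome"}


def pool_size(password: str) -> int:
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def search_space_bits(password: str) -> float:
    """log2(pool ** length): an upper bound that assumes random characters."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0


def contains_denylisted_word(password: str) -> bool:
    """True if undoing the swaps reveals a denylisted word in the password."""
    normalized = password.lower().translate(UNSWAP)
    return any(word in normalized for word in DENYLIST)


def check_password(password: str, min_length: int = 12) -> list:
    """Return the reasons to reject; an empty list means accepted."""
    problems = []
    if len(password) < min_length:  # 12 is an assumed policy minimum
        problems.append("too short")
    if contains_denylisted_word(password):
        problems.append("common word after undoing swaps")
    return problems
```

The bit estimate only holds for randomly chosen characters, which is why the denylist check runs separately from it.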
4. Make Deliberate Spelling Mistakes
Bad grammar is usually frowned upon, but it is an excellent way to deter cybercriminals who use brute-force attacks.
This is a process whereby cybercriminals run through combinations of words in the dictionary, using correct grammar and spelling, until they crack the code.
If your passwords have incorrect spellings, this puts you at less risk of falling victim to these brute-force attacks.
5. Keep Your Passwords Secure
Now, you would think this is a straight-to-the-point, goes-without-saying tip… Think again.
A staggering 79% of Americans share their passwords.
Never give up your passwords voluntarily, no matter how innocent it feels at the time. Also, avoid writing them down and leaving them in an unsecured place.
Often people give up their password involuntarily without even realizing it. One example of this is phishing scams in which a cyberattacker pretends to be from a reputable company and coerces the victim into handing over sensitive information.
For a full guide on recognizing and preventing phishing scams, check out our article on phishing.
6. Use a Unique Password for Every Account
Using the same password across multiple accounts sounds appealing, with fewer passwords to remember.
But if a hacker gains access to one account, they gain access to all of them, which could be catastrophic in both a personal and work environment.
Never repeat passwords.
7. Use a Password Manager
The average user has 38.4 unique passwords to remember.
If they’re strong, long passwords with random characters, numbers, and misspellings, then those passwords are even harder to remember.
A password manager takes away that stress by keeping all of your passwords and login details in one secure place, often requiring multiple forms of authentication for access.
Which leads to our final and most pressing tip…
8. Enable Multi-Factor Authentication
Multi-factor authentication (MFA) requires you to provide more than one form of authentication when gaining access to a system or account.
Microsoft claims that using MFA blocks 99.9% of attacks, which is a staggering statistic.
MFA usually comprises a password coupled with another verification, such as an SMS, email, or phone token; a push notification to a verified device; biometric authentication; or a code from a third-party mobile authenticator application.
From a personal and organizational perspective, enabling MFA – or even better, passwordless authentication – is one of the most important things you can do to improve your cybersecurity.
For an organization, there are many fantastic identity and access management solutions to choose from, including Transmit Security or Okta. The only downside for an organization looking to implement MFA or passwordless authentication in its security strategy is the availability of expertise to implement that solution.
That’s exactly what we provide at Rediminds as your certified security implementation partner. Our team combines expertise in all of the core security solutions to support you from ideation to implementation.
Let’s create a safer online environment for your users, together. Get in touch to speak with one of our security specialists today.