In this digital age, we all have dozens of online accounts. With so many to keep track of, it becomes difficult to manage all our passwords to access the resources and websites we need.
Hackers and thieves are working hard to breach your most intimate details, trying to steal your money, borrow your identity, and wreck your life. How do you stay safe and keep your information out of the hands of cybercriminals? Good password management and other security best practices are the answer.
Password Security Best Practices
According to Verizon, in 2018, 81% of the data breaches were due to weak or stolen passwords. Most of those could be cracked or guessed within minutes. We hear this all the time; many of the most massive data breaches and ransomware incidents were due to someone using a weak password or clicking a link in a phishing email and getting infected with malware.
Thankfully, there is a whole list of best practices you can employ to keep your online life safer and more secure against cyber threats.
1. Manage Your Passwords Better
Online security is a big risk for everyone. The more you know about how to stay safe, the better. Follow the tips below for better password and security management.
2. Passphrase Rather than a Password
Create a long, strong passphrase rather than a password. The old standard was a password 8-12 characters long. With hackers becoming more sophisticated and much more efficient at breaking them, experts now suggest using a 64-character passphrase that includes spaces.
3. Two-Factor Authentication
Always sign up for two-factor authentication with all your accounts, especially those that involve money, credit cards, or personal information that can be used for identity theft. Two-factor authentication texts or emails you when changes to your account or new logins occur.
4. Turn on Encryption
If your device or service offers end-to-end encryption, turn it on. The more you can do to protect your data, the better.
5. Never use Real Words
Avoid using dictionary words because hackers have tools that check your password against normal dictionary words. Use nonsense words or passphrases, replacing letters with symbols for the best protection.
6. Never Reuse Passwords on Multiple Accounts
To remember their passwords, most people reuse them on dozens of websites. Credential stuffing is a method hackers use to test passwords they stole from one account on other accounts. So, if you reused yours and the hackers get one, they now have control of all your stuff.
7. Turn on Multi-Factor Authentication
If you have devices that offer biometric verification like TouchID or face recognition, turn them on. It adds another layer of security, so your passwords remain protected. Some websites provide other types of multi-factor authentication. Take advantage of any options you have available to you.
8. Test Your Password Strength
Microsoft offers a tool where you can test the strength of a password, and it can even help generate better ones for you if yours fails the test.
9. Have I Been Pwned and Other Third-Party Search Tools
You can also check to see if your passwords have been breached using websites like Have I Been Pwned and other search engines that compare your passwords with those found on the dark and deep web.
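The breach lookup in item 9 can be done without sending the password anywhere. This added example (not part of the original article) uses the Pwned Passwords range endpoint of Have I Been Pwned, which is sent only the first five characters of the password's SHA-1 hash; `fake_fetch`, the sample vault and the counts are constructed so that it runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"
SEEN_PREFIXES = []  # everything the (constructed) service was ever sent


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix):
    """Live lookup: download all hash suffixes sharing a 5-character prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "password-audit-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def fake_fetch(prefix):
    """Constructed offline stand-in that answers in the same SUFFIX:COUNT format."""
    SEEN_PREFIXES.append(prefix)
    known = {sha1_hex("password"): 1000, sha1_hex("letmein"): 50}  # constructed counts
    lines = [f"{h[5:]}:{n}" for h, n in known.items() if h.startswith(prefix)]
    lines.append("0" * 35 + ":7")  # constructed unrelated entry
    return "\r\n".join(lines)


def breach_count(password, fetch=fetch_range):
    """Times the password appears in the breach data; 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the comparison happens locally
            return int(count)
    return 0


def audit(vault, fetch=fetch_range):
    """Map account -> breach count, querying each distinct password once."""
    cache = {}
    for pw in set(vault.values()):
        cache[pw] = breach_count(pw, fetch)
    return {account: cache[pw] for account, pw in vault.items()}


if __name__ == "__main__":
    vault = {"bank": "password", "forum": "password",  # constructed sample vault
             "mail": "seven quiet llamas paint the harbor at noon"}
    print(audit(vault, fake_fetch))
```

Calling `audit(vault)` without a `fetch` argument queries the live endpoint instead of the constructed stand-in.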
10. Don't Write Passwords Down on Paper
It may seem obvious, but never write your passwords down on a slip of paper or sticky note. If remembering your passwords is difficult, install a password vault on your main computer and sync to all your devices so that you have access to your locked-down passwords wherever you go.
11. Do Business Offline
If you have especially sensitive information on a computer or device, keep it offline. Do not connect it to the internet, and you won't have to worry about it being hacked. Do secure it with a strong password, fingerprint, or face recognition lock.
12. Never Share Passwords with Anyone
You may have good intentions when sharing your login account with a friend or family member, but you have no idea how they will use the account or what steps, if any, they have taken to secure their computer and devices.
Final Thoughts on Best Practices
Invest in a good password vault/manager to help create good, strong passwords and store them for you, so you only need to remember one. Many of these programs will also evaluate your passwords' strength, perform an audit and alert you when one of your accounts has suffered a data breach, and log into websites for you, so you don't even need to enter a thing. Look for a password manager that offers syncing across all your devices and built-in encryption so you can feel safe opening it on your mobile phone.
Always keep all your devices updated with the latest security patches, install good, robust antivirus/anti-malware software, and run deep scans often.