8 Essential Tips for Password Security

Anuradha Nandan | Thursday, September 3, 2020

One of the biggest technology-related concerns in our world today is cybersecurity. Even with the proper precautionary measures in place, our accounts — both personal and professional — are vulnerable to cybersecurity attacks. It should come as no surprise that cybersecurity training is one of the most in-demand skills in 2020. 

With data breaches happening frequently, data protection is top of mind for many IT leaders looking to secure their organization. But on an individual basis, what can we do to help secure personally identifying information and business data? The area to optimize is password security. We use passwords on a daily basis — to log into our bank accounts, social media, various work tools, etc. But do we ever think about creating the best passwords to protect the information in these accounts and avoid potential cyberattacks?

Your passwords are your responsibility, so you have to do what you can to protect yourself (and your organization). We've put together this recommended guide on increasing your password security.

8 Tips for Improving Your Password Security

First, think about each password you use for each individual account you have, both personal and professional. Are most of them exactly the same? Do they contain common phrases? If you answered yes to either of these questions, you’re at higher risk of cyberattack.

Here's everything you need to know about improving your password security:

1. Long Passwords

Your passwords should be as long as possible. If you are allowed to have a password between 8 and 12 characters, it should be 12 characters. Longer passwords take more time to break. For many hackers, including the most skilled ones, it's simply not worth the effort.

A general rule is if your password is fewer than six characters, it needs to be extended (if possible).

2. Use Different Passwords

Remember the exercise we started with? What's your answer — are most of your passwords exactly the same? If so, this needs to change.

As much as possible, you should aim to have a different password for every single internet account. Yes, we know this sounds tiresome, but if you are serious about your security, then this step is vital.

You don’t want to use identical passwords, but you should also make sure your passwords are not even similar. A different password doesn't mean jumbling up the characters or adding a few numbers or special characters to the end of an existing password. Make sure every one of your passwords is unique (beyond switching characters around).

3. Use a Password Manager

A password manager is an external application in which you can save the login credentials for your internet accounts. Given how many new passwords you may need to create from tip number two, you may want to consider using a password manager for a couple of reasons.

First, password managers can autofill your login credentials when you access your internet accounts, and their smart technology can help generate random passwords that are almost impenetrable.

Second, these password managers are also great in case you ever forget your passwords. They are safer and more secure than writing your passwords down or storing them in a less protected way.

4. Multi-Factor Authentication

This tip isn’t directly related to the quality of your passwords, but a great way to ensure heightened security is to enable multi-factor authentication. While this does take longer to log into your account, this brief inconvenience is a much better alternative to having your password (and personal information) stolen.

Once enabled, a unique code is sent to your email or smartphone every time you want to log in, and you can only log in after entering this code. So even if your actual password is stolen, as long as the hacker doesn't have access to your email or smartphone, they won't know the code needed to log in.

5. Change Your Passwords Regularly

Many see this tip as an inconvenience, too, but it is crucial for password security. Ideally, you should change all your passwords every 90 days. 

If you're responsible for security within your organization, make sure to request that the organization's policies require users to change the passwords of all their business-related accounts every 90 days. 

It's also imperative to stay abreast of any data breaches. For example, if you read an article about a data breach for a company/website you frequent, you should immediately change your password. Even if it doesn’t look like your account was breached, be proactive and change your password immediately — it’s better to be safe than sorry.

6. A Mix of Characters

Your passwords should always contain a combination of letters, numbers and special characters. It's also best to intersperse them throughout the password. For example, instead of 'Flummox123!' you may want to try 'Fl1umm!@o23x'. Remember, the most common passwords are common words and phrases. You don’t want your password to be anything you can find in a dictionary.

The password manager we mentioned earlier will likely be able to create this type of password. Depending on your web browser, you may also have an embedded feature that generates a strong password along these lines. If your web browser has this feature, we strongly recommend using it.
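As an added example (not taken from any particular password manager or browser), this is roughly what such a generator does: it draws every character from the operating system's secure random source, guarantees each character class appears, and shuffles so the classes are interspersed. The symbol set and the function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# The character classes tip 6 asks for: letters, numbers and special characters.
# The symbol set is an assumption; sites differ in which symbols they accept.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Random password containing every class, with the classes interspersed."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def classes_present(password):
    """One boolean per entry of CLASSES: does the password use that class?"""
    return [any(ch in cls for ch in password) for cls in CLASSES]


def search_space_bits(length):
    """Upper bound on guessing work: log2(len(ALPHABET) ** length)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Compare the 8- and 12-character limits from tip 1 with a longer password.
    for n in (8, 12, 16):
        print(n, generate_password(n), f"{search_space_bits(n):.1f} bits")
```

Each extra character multiplies the number of possible passwords by the alphabet size, which is why tip 1 says to use the maximum length a site allows.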

7. Avoid Common Passwords

Whenever you need to create a new password or update an existing one (every 90 days!), we suggest researching what the common passwords are so you can avoid using them or something too similar.
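Tips 2 and 7 both warn against passwords that are merely "similar" to an old or common one. The added example below (not from the original article) shows one way to test that locally before accepting a new password: it strips trailing digits and symbols, undoes simple character substitutions, and then checks for the same base word, rearranged characters, or a near match. The five-entry common list, the substitution table and the 0.8 threshold are constructed assumptions; a real check would load a published common-password list.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; substitute a published common-password list.
COMMON = ["password", "123456", "qwerty", "letmein", "iloveyou"]

# Simple look-alike substitutions (assumed table): 0->o, 1->l, 3->e, ...
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(pw):
    """Lowercase, drop digits/symbols tacked on the end, undo substitutions."""
    low = pw.lower()
    core = re.sub(r"[^a-z]+$", "", low) or low  # keep all-digit passwords
    return core.translate(LEET)


def check_new_password(candidate, existing, threshold=0.8):
    """Return a rejection reason, or None if the candidate is distinct."""
    cand = normalize(candidate)
    for label, refs in (("common password", COMMON),
                        ("existing password", existing)):
        for ref in map(normalize, refs):
            if cand == ref:
                return f"{label}: same base word"
            if sorted(cand) == sorted(ref):
                return f"{label}: same characters rearranged"
            if SequenceMatcher(None, cand, ref).ratio() >= threshold:
                return f"{label}: close variant"
    return None


if __name__ == "__main__":
    vault = ["Flummox123!"]  # the article's example, used as the old password
    for new in ("Flummox2020#", "xoFlumm1", "Flumnox9",
                "P@ssw0rd1", "vT7#qLz!92Rk"):
        print(f"{new!r}: {check_new_password(new, vault) or 'ok'}")
```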

8. Use a VPN

As a final note, for enhanced security at a business level, we also suggest using a VPN whenever you and your staff are using the internet. A VPN makes it harder for hackers to trace your internet activity, which is particularly crucial when setting or changing a password.

Secure Your Accounts

Now that you are armed with these helpful tips on password security, we strongly encourage you to revisit your own passwords and set aside time to begin changing them. Then, set a notification 90 days out as a reminder to update them again.

Improving your password security is the first step you can take toward protecting data. To learn more about cybersecurity beyond passwords, explore your options for cybersecurity training today.
