Are your passwords up to par with the latest recommendations from industry giants and cybersecurity experts? A decade-old password may not be as strong as you think…
Passwords are the foundation of cybersecurity.
Whether it’s the PIN for your credit card or the password for your email account, these strings of alphanumeric codes are a critical part of keeping your private data and your finances secure.
Are you sure your passwords are strong enough? Do you have all of the associated best practices in place?
There’s no better time than now to find out. If you haven’t thought about the strength and effectiveness of your passwords in a few years, then they’re almost certainly due for an update.
After all, the way we think about passwords has changed a lot…
Not too long ago, the secret to a strong password wasn’t terribly complicated. That said, some of the best practices we suggested were less than ideal—and in some cases, outright wrong in hindsight:
Do you have a particular catchphrase that you’re always repeating? Or a memorable quote or saying that really resonates with you?
Choose a phrase that is easy for you to remember and take the first letter of each word. For example, the phrase “Strangers waiting up and down the boulevard” would translate into “swuadtb”.
A password becomes more effective as its character length increases. Having a password that is at least six characters long is a good baseline to go by.
So using our example from above, we can lengthen it by adding the website name that we are using it for or a company name: “swuadtbGmail”.
Strengthen our sample password by adjusting the case of some of the letters and swapping some letters for symbols.
By doing this, we make our password more distinctive and less predictable, even if a hacker is using dictionary attacks. In this situation, our password could read as follows: “Swu@DtbGm@iL”.
A simple way to continually protect your network is to rotate through a string of passwords so that every week, you’re using a different password. This makes your network more resistant to brute-force hacker attacks.
While some of these best practices are right in spirit, some of them are actively harmful to cybersecurity. You should never use the name of the associated website in your password (e.g. “gmail” for your Gmail account), and you shouldn’t keep a string of passwords that you rotate through on a weekly basis.
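Both problems named above can be checked mechanically when a password is set. The sketch below is an added example, not code from Orbis Solutions: it flags a candidate that embeds the site name even after the case and symbol changes shown earlier, and one that matches a stored password history. The function names, the substitution table and the sample history are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Undo common character swaps such as the "@" for "a" in the article's example.
# This table is an assumption for the example, not an exhaustive list.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "!": "i", "3": "e", "$": "s", "5": "s"})

def normalize(text: str) -> str:
    """Lower-case and reverse simple substitutions so 'Gm@iL' compares as 'gmail'."""
    return text.lower().translate(LEET)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the history never holds old passwords in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history(old_passwords):
    """Build (salt, hash) records for previously used passwords."""
    records = []
    for pw in old_passwords:
        salt = os.urandom(16)
        records.append((salt, hash_password(pw, salt)))
    return records

def audit(candidate: str, site_name: str, history) -> list:
    """Return findings for a candidate; an empty list means neither check fired."""
    findings = []
    if normalize(site_name) in normalize(candidate):
        findings.append("contains-site-name")
    for salt, stored in history:
        # Constant-time comparison against each stored record.
        if hmac.compare_digest(hash_password(candidate, salt), stored):
            findings.append("previously-used")
            break
    return findings

# Constructed sample data: the article's own example plus made-up rotation passwords.
HISTORY = make_history(["swuadtbGmail", "Winter-rotation-1", "Winter-rotation-2"])

if __name__ == "__main__":
    for pw in ("Swu@DtbGm@iL", "Winter-rotation-2", "kestrel-anvil-porch-mosaic"):
        print(pw, audit(pw, "Gmail", HISTORY))
```

The first sample is flagged for the site name despite its mixed case and “@” characters, and the second is flagged because it comes from the rotation set.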
Fortunately, best practices have been updated in the last few years…
Whether it’s for your family or your employees, make sure that everyone is following the standard password best practices. At their most basic, this includes:
Make sure that you’re not using passwords you’ve used in the past. These could have been compromised without you knowing about it—make sure that every time you create a password, it is entirely new to you.
Unless you’re using a personal device that is only accessible by you, you and your employees should always log out when leaving a device at the end of the day. Furthermore, you should be in the habit of locking your screen when stepping away from the device, even if only for a few minutes.
Say a site you've signed up for and made purchases from, or planned to make purchases from, gets hacked. Whatever password you had used for it is no longer secure.
The good news is that there’s a simple way to protect against this—change your passwords on a regular basis. That way, it doesn’t matter if a hacker has an old password from three years ago from that website you don’t use.
If you’re not repeating passwords, then you won’t be vulnerable to further breaches when a hacker gets your info.
But that’s easier said than done, right? As we explored above, you have a lot of different accounts—so how can you be expected not to repeat a memorable password here or there?
It may be nearly impossible to do on your own, which is why you should use a Password Manager. A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information.
It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.
Multi-factor authentication (MFA) is a secondary layer of verification, beyond the simple username and password combination required for most logins.
By requiring a second piece of information (such as a randomly-generated numerical code sent to a mobile device or a fingerprint scan), it’s that much more likely that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
At the end of the day, managing a long list of complex passwords can be frustrating, but it's a key part of your personal and professional security.
Take the time to develop a strong set of passwords before you get hacked, not after. If you need help assessing and improving your cybersecurity practices, get in touch with the Orbis Solutions team today.
Orbis Solutions, Inc., in Las Vegas, Henderson, Summerlin and throughout Nevada, has developed creative, strategic and cost-effective technical solutions for a wide variety of clients. Offering a diverse range of products and services, Orbis provides IT solutions to promote your company’s productivity and profitability, and help you sort through the latest-hyped technology, so you can select the best hardware, software or service for your business needs.