We all know the drill: use strong passwords to improve your password security.
When it comes to password security, many of us follow a few basic rules, all of which revolve around creating a strong password. But have you taken the time to explore other methods you can implement to take your password security to the next level? Let’s explore them here.
You’ve probably heard (repeatedly) over the years that you should change your password at least every few months. The reasoning behind this is that if a password is compromised and your account breached, the time that a hacker remains inside the account is relatively short.
But what if we told you this isn’t necessary?
Most tech experts today disagree with this outdated recommendation. In 2017, the National Institute of Standards and Technology (NIST) released new guidelines that make password management much easier.
So, what SHOULD you do?
- Instead of frequently changing what you think is a perfectly good password, just make sure all of your passwords ARE in fact strong and unique.
- Make sure you are NOT using the same password across multiple devices or accounts.
- Only change your password if you believe your account has been hacked.
Why is password security important?
Password security has always been an important aspect of cybersecurity. Unfortunately, the days of securing your accounts with the password “password” are long gone. The requirements of a strong password have rapidly evolved over the years to keep up with our growing online presence and advancement in the tools that hackers use.
Password security is especially important due to the stark increase in cloud adoption, as more and more sensitive information is being stored in cloud environments. During the height of the COVID-19 pandemic, more than half of employees in Canada transitioned to remote work, increasing both the need for cloud adoption and the opportunity for hackers to gain access to insecure accounts. Although this new reality does offer numerous benefits, remote work is also providing a breeding ground for cybercriminals. A flurry of new threats, technologies, and business models has emerged as the world has shifted to remote work.
Is your password secure? Try these steps to enhance your password security today:
- Length, complexity, and passphrases. It’s simple: the longer and more complex the password, the harder it is to crack. Passwords should always be at least 8 characters long (12 characters is ideal) with a combination of numbers, letters (both uppercase and lowercase) and special characters. Always avoid using words, names, or other personal identifiers such as birth dates or addresses! Passphrases can be a great solution for those who are prone to using words or phrases! A passphrase is a sentence-like string of words that is longer than a standard password, easy to remember and next to impossible to crack! Passphrases should be at least 4 words and 15 characters in length and should still follow the same guidelines for a strong password. Passphrase example: The sentence “My Name is Jack and I was born on 1 January 1900!” can give you the following password: “MNiJaIwbo1J1900!” This passphrase is long, it contains numbers, special characters, uppercase and lowercase letters, and it’s hard to decipher.
- Avoid password recycling! Despite the fact that password recycling is considered very poor password management, about 53% of users admit to using the same password across multiple accounts. This means that if one password is breached, leaked, or stolen, there is a very high chance that hackers will gain access to all accounts using that password and obtain sensitive, financial, or client data.
- Don’t trust your browser. You might want to think twice about letting your browser remember passwords for you. Although convenient, any intruder who has gained unrestricted access to your computer can view and copy all of your passwords by visiting your browser’s settings page.
- Use two-factor or multi-factor authentication. It may sound complicated, but 2FA and MFA simply mean that instead of using just a username and password, a security system verifies your identity by requiring multiple credentials. Examples of 2FA and MFA credentials include verification codes sent via email or text, fingerprints, or facial recognition. Most software and service providers offer this security feature so that you can add a layer of protection to your devices and online accounts.
- Go passwordless! Yes, you read that right. Going passwordless could bring you into the future of password management. If there were an alternative to the inconvenience of having to remember all of your passwords, wouldn’t you go for it? Well, we have some good news – an alternative is here! Going passwordless could be the next step to optimizing your password security. Passwordless authentication is a form of MFA (discussed above) that rids users of having to create a password altogether or offers an additional layer of security on top of a password. This is an effective solution for protection against both phishing and brute force attacks. In order to move yourself into a passwordless future, there are several other security methods you can adopt. Some options include a mobile authenticator app, biometrics like a fingerprint or facial scan, or SMS or email verification codes. You may be required to use more than one of these methods to prove your identity. 2FA and MFA (see above) have proven the importance of a multi-pronged approach to our data security.
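
An added example (not part of the original article) that audits a set of passwords against the length, character-mix, passphrase and reuse rules listed above. The function names, the sample vault and the choice to treat input containing spaces as a passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LEN, IDEAL_LEN = 8, 12        # password lengths stated in the article
PHRASE_WORDS, PHRASE_LEN = 4, 15  # passphrase minimums stated in the article
CLASSES = {"lowercase letter": string.ascii_lowercase,
           "uppercase letter": string.ascii_uppercase,
           "number": string.digits,
           "special character": string.punctuation}

def check_strength(secret):
    """Return the article's rules that `secret` misses (empty list = all met)."""
    problems = []
    words = secret.split()
    if len(words) > 1:  # assumption: input with spaces is meant as a passphrase
        if len(words) < PHRASE_WORDS:
            problems.append("passphrase has fewer than 4 words")
        if len(secret) < PHRASE_LEN:
            problems.append("passphrase shorter than 15 characters")
    elif len(secret) < MIN_LEN:
        problems.append("shorter than 8 characters")
    elif len(secret) < IDEAL_LEN:
        problems.append("shorter than the ideal 12 characters")
    # Passphrases follow the same character-mix guideline as passwords.
    for name, chars in CLASSES.items():
        if not any(c in chars for c in secret):
            problems.append("no " + name)
    return problems

def find_reuse(vault):
    """Group accounts sharing a password, comparing keyed digests, not plaintext."""
    key = os.urandom(32)  # throwaway key: digests mean nothing outside this run
    groups = {}
    for account, secret in vault.items():
        tag = hmac.new(key, secret.encode("utf-8"), hashlib.sha256).digest()
        groups.setdefault(tag, []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample data; the first entry is the article's own example.
SAMPLE_VAULT = {"email": "MNiJaIwbo1J1900!", "bank": "Summer2020",
                "forum": "Summer2020", "shop": "correct horse battery"}

if __name__ == "__main__":
    for account, secret in SAMPLE_VAULT.items():
        print(account, check_strength(secret) or "meets the rules")
    print("reused across:", find_reuse(SAMPLE_VAULT))
```

The article's example string passes the checks only as an illustration of the rules; because it is published, it should never be used as a real password.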
With these simple but effective steps, you can begin to enhance your password security and keep your data safe from hackers. Want to take your cybersecurity to the next level? Learn everything you need to know about data protection here!