Passwords are the gatekeeper to most of our digital lives, and while they may seem like an antiquated way of authenticating who we are, good password basics are a key part of protecting us from damaging identity, data and financial theft. Did you know that 54% of people use 5 or fewer passwords across their entire on-line life? Or that on average, 6 unique passwords are used to guard 24 on-line accounts?
With so many potential victims, cybercriminals follow a simple premise: Go after the low-hanging fruit!
Good passwords may not 100% protect you from hackers (there are other ways they can trick you into volunteering information), but they add a high enough level of complexity that attackers usually move on to the next easiest victim.
On World Password Day 2017, let’s pledge to follow these password basics to keep our digital lives safe!
1. What makes a strong password?
When was the last time you heard, “you need a strong password, stop using 123456”? Probably every other day like a broken record. Let’s break the procrastination cycle and strengthen your digital life.
- Good passwords will have at a minimum 10 characters, using a mix of upper and lower case letters, numbers, symbols and punctuation marks. For truly good passwords, 12-14 characters is recommended.
- Don’t use any information that might already be public, like personally identifiable information, important dates (birthdays/anniversaries), family member or pet names, and celebrities.
Quick tip for strong passwords: Think of a phrase that you can easily remember, like a line from a book or your favorite song, and use the 1st letter from each word to create what’s known as a passphrase. Just combine upper and lower case letters and replace some with numbers and symbols.
For example, “strong and smart passwords make for good security” could be turned into S@$pm4Gs!*
2. Make unique passwords for every account
Here’s another broken record. Using the same passwords for several accounts can be a fatal mistake, especially for sensitive things like bank accounts. Hackers know that for convenience, most people are likely to repeat passwords across accounts so once they get a hold of a set of passwords and email addresses, they’ll surely try them everywhere they can. Unfortunately, more often than not, they eventually succeed.
But with an endless number of on-line accounts, how are you to remember complex and unique passwords? Hint: keep reading for the answer!
3. Use password managers
Password managers are on-line services that safely store all your passwords so that you no longer have to remember 15-20 different sets of credentials, especially after you’ve taken the time to make them complex. All you need to do is set up a single master password (following the strong password guidelines, of course) that you will use to access your account passwords through a browser or a smartphone app.
What’s great is that many services are either free or have a very low price.
Another great advantage of password managers is that they help you generate separate complex passwords for your accounts.
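What "generate separate complex passwords" can look like in code, as an added example (not from the original post and not the code of any particular password manager): a Python sketch that draws characters from the operating system's secure random source and checks the result against the guidelines in section 1. The function names and the 14-character default are assumptions made for this illustration.

```python
import secrets
import string

# Character classes named in the section 1 guidelines.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 10  # the post's stated minimum; 12-14 is its recommendation


def check_password(password, personal_info=()):
    """Return a list of guideline violations (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    lowered = password.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal detail {item!r}")
    return problems


def generate_password(length=14):
    """Generate a random password containing every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets uses the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    # Constructed sample inputs, not real credentials.
    print(check_password("123456"))
    print(check_password("Rex2009!Rex2009!", personal_info=["Rex", "2009"]))
```

Calling `generate_password()` once per account gives each account its own password, which is the property section 2 asks for.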
You might be wondering, isn’t it riskier to have all passwords stored in one single place? The short answer is that password managers are not the end-all-be-all solution, but they are generally a great solution as they encrypt all your information and help you conveniently maintain strong, separate passwords for each account. To mitigate the risk of anyone accessing your password manager account, we recommend enabling multi-factor authentication, which requires additional steps beyond just user name and master password (check out step #4).
At Envision, we are big fans of LastPass for password management.
4. Use multi-factor authentication
Multi-factor authentication (MFA) is just a fancy term for multiple ways to prove that you are in fact who you say you are, to prevent access if your user name and passwords are stolen. Have you ever been asked for a verification code that is texted to your phone or email? Congrats! You’ve used multi-factor authentication. Other companies have made it even fancier through fingerprint verification or an external device like a USB that you plug into a computer when you want to access accounts.
We strongly recommend using MFA for as many accounts as possible, particularly the most sensitive ones like financial, social media and email.
To find out which websites support MFA, visit https://twofactorauth.org
5. Change passwords regularly
It’s always good practice to update your passwords at least once a year, with the most sensitive accounts changed every 6 months at a minimum. Sounds tedious? Not with your brand new password manager!
Happy World Password Day 2017!