Passwords are increasingly becoming easier to hack, meaning that companies must take new actions to protect themselves from cybercriminals.

“A lot of personal data is no longer private and consumers are finding it a lot harder to protect themselves when their data is out in the open,” according to Limor Kessem, executive security advisor at IBM Security.

TechRepublic’s Dan Patterson met with Kessem to discuss simple tips enterprises and consumers can use to improve their security.

1. Rethink your password

Passwords are still being used as a top authenticator, Kessem said, and they are becoming easier to hack quickly. Users should create longer passwords and use “nonsensical phrases” that make them harder to guess. These can be written in different ways, such as by using abbreviations.

Kessem also suggests using password managers to avoid duplicating passwords. “Although nothing is bulletproof…reducing the risk of reuse really outweighs the risk of password managers ever being breached,” she said.

SEE:IT leader’s guide to the threat of cyberwarfare (Tech Pro Research)

2. Rethink your security question

Criminals know that you will be asked security questions to authenticate your account, Kessem said, and they will try to find out that information using social media or other publicly available information. When you’re setting up an account, choose a question that is personal to you such as “What is your favorite color?” or lie in your answer to the question. For example, rather than using your mother’s maiden name as an answer, choose a unique name that you will remember, Kessem suggested.

3. Rethink your multi-factor authentication

Consumers and enterprises should also use more than one method of authentication. Use an extra SMS text, email, or automated phone call to verify the account. “It’s always good to layer more controls in order to make sure that if the account is ever accessed by someone who is not authorized, that they would probably not have that extra factor,” she said.

Also see