Password security should be observed every day. To best protect the data secured behind the average password, your password needs to be better than average–much better.
In honor of World Password Day, an initiative which brings awareness to password strengthening strategies every May 2, here are six ways to enhance account passwords with an eye toward security.
The methods described below apply to just about any account that relies on passwords to protect and secure data. They also extend across platforms: this is a truly hardware-agnostic set of principles that can be set up on all your computing devices, whatever OS they run, to provide the best protection for all your internet-enabled devices.
Note: While some of the methodologies described here will require a cost-based service and/or subscription model, most of these protections are free, simple to integrate, and easy to manage moving forward–but only if you take the time to set them up.
1. Password complexity
There’s a saying that passwords need to be “easy for you to remember, but difficult for anyone else to guess.” And while I agree with the general premise–passwords should be difficult enough for anyone to randomly guess–it is a bit difficult to quantify since newer, modern technologies exist with the sole aim to crack passwords in seconds.
What do you do? Simply put, make it as mathematically difficult as possible to guess and/or crack your password: maximize the key space (the number of keys available when creating a password) by including a combination of symbols and case sensitivity alongside the usual alphanumeric characters, and extend the minimum length to something beyond the average 12 characters.
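To put numbers on the key-space argument above, here is an added example (not from the original article) that estimates key space in bits and generates a random password using every character class. The function names and the 16-character default are assumptions of this sketch.

```python
import math
import secrets
import string

# The four character classes the text recommends combining.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def keyspace_bits(password: str) -> float:
    """Upper bound on guessing cost: log2(alphabet_size ** length).

    The alphabet is the union of the classes the password draws on. The
    figure only holds when characters are chosen at random; a human-chosen
    password with the same classes is far easier to guess.
    """
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def generate_password(length: int = 16) -> str:
    """Random password over all 94 printable symbols, every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG; random.choice would be predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the distribution uniform over valid results.
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate


if __name__ == "__main__":
    weak, strong = "abcdefgh", generate_password(16)
    print(f"{weak!r}: {keyspace_bits(weak):.1f} bits")      # lowercase only
    print(f"{strong!r}: {keyspace_bits(strong):.1f} bits")  # all four classes
```

Each added bit doubles the number of guesses an attacker needs, so the step from 8 lowercase letters to 16 mixed characters is a far larger gain than the doubled length suggests.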
2. Do not copy
Do not reuse passwords. Easy? No. Annoying? Yes. Does it add a layer of complexity to managing your passwords? Absolutely. Will it prevent you from getting hacked? Not at all.
If one of your accounts does get compromised, unique passwords will prevent the attacker from reusing the compromised credential on other websites where you have accounts and compromising those as well. This could very well mean the difference between having 1 or 100 accounts compromised.
3. Layer up
Add a second layer of protection to your account by setting up two-factor authentication (2FA) where possible. A form of multi-factor authentication (MFA), 2FA relies on an additional factor (different from the primary) to further verify the identity of the user prior to granting access to data.
MFA requires that the authentication mechanism be extended to allow for a secondary authentication prompt to be sent to an external device like a smartphone, token, or email with a code, which must be entered within a certain amount of time to confirm the authentication request before granting access. If either of the two factors is incorrect, authentication fails.
Some examples of common technologies in our everyday life that use 2FA are the chip & PIN set up at the ATM or the kiosks in airports that require an account number and retina scan to verify our identities when crossing customs and border patrol.
4. Stop writing it down
We get it. It’s hard to remember each password for every account. But, anyone with access to your personal space(s) can and will find those scribbled down passwords on post-it notes, taped to your keyboard, or hidden not-so-cleverly under the device’s footprint or bottom of the aforementioned keyboard.
This also applies to any password books used exclusively for keeping track of your credentials. Because after all, any security enhancements you implement are just as easily voided if you’re leaving the secrets to your accounts out in plain sight for anyone to use.
5. Change it up
Most accounts don’t come with default passwords set but sometimes they do. In these cases, change the default ones immediately. Do not keep those around as it is far too easy to obtain a list of default passwords for your devices that could allow an attacker unauthorized access to your accounts within seconds. Yes, there are websites dedicated to maintaining such a list.
Oh, and a note about changing passwords: Do it frequently. It doesn’t have to be every day or week, or even month, but it should occur often enough so that your passwords are swapped out if they should be compromised. And of course, change your passwords in the event that your account(s) are ever compromised. It’s like getting your door locks rekeyed after losing a house key.
6. Forget all passwords
One of the best ways to protect your accounts is to never know your password in the first place. I know this sounds counter-intuitive, but hear me out. Using a password management application, like 1Password or LastPass (or countless others), helps by logging account credentials and automatically generating long, complex passwords, which are kept in encrypted storage on your mobile and stationary devices.
The applications further protect accounts by comparing the URLs being visited against their known secure counterparts in an effort to verify the validity of the site in question. They even compare sites against an updated list of known “fake” websites to protect against phishing scams.
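The URL comparison described above, as an added example that is not taken from the article or from any particular password manager. The exact-origin policy, the function names and the sample URLs (reserved example.com and .test names) are assumptions of this sketch.

```python
from urllib.parse import urlsplit


def normalised_origin(url: str):
    """Return ("https", host, port) in canonical form, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port
        # hostname is already lower-cased and stripped of user:pass@ tricks;
        # IDNA encoding turns look-alike Unicode letters into xn-- labels.
        host = (parts.hostname or "").rstrip(".")
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed port, netloc or label (UnicodeError too)
        return None
    if parts.scheme != "https" or not host:
        return None  # never release credentials to a cleartext page
    return ("https", host, 443 if port is None else port)


def should_autofill(saved_url: str, visited_url: str) -> bool:
    """Fill only when the visited page has the same origin as the saved entry."""
    saved = normalised_origin(saved_url)
    visited = normalised_origin(visited_url)
    return saved is not None and saved == visited


# Constructed sample data: one saved entry and pages a user might land on.
SAVED = "https://accounts.example.com/login"
VISITS = [
    "https://accounts.example.com/session?next=/",   # same origin
    "https://ACCOUNTS.example.com./login",           # case and trailing dot
    "http://accounts.example.com/login",             # downgraded scheme
    "https://accounts.example.com.login.test/",      # saved name as a prefix
    "https://accounts.example.com@phish.test/",      # saved name as userinfo
    "https://accounts.\u0435xample.com/",            # Cyrillic look-alike "e"
]

if __name__ == "__main__":
    for visit in VISITS:
        print(f"{should_autofill(SAVED, visit)!s:5}  {visit!r}")
```

Because the comparison is done on parsed, normalised origins and not on what the address bar appears to show, the manager declining to offer a saved login is itself a signal that the page is not the site it claims to be.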
How do you protect your data?
What password policies do you follow to protect your data? Do you have a favorite method not covered here? Please share your story below in the comments section.