Tips to Protect Yourself Online for World Password Day and Every Day
In the last five to ten years, large-scale data breaches appear to be getting ever more common. It seems like every week, another news story breaks about a large company that fell victim to a data breach. These breaches see millions of users’ personal information compromised, often including usernames and passwords, either encrypted, or in the worst cases, in plain text. In 2017, Equifax suffered a data breach that left over 150 million people vulnerable to identity theft, making it one of the largest cybercrimes in history.
Nearly all websites on the current internet use some form of a username and password system to authenticate users and allow access to their account. Everything from social media to banking and government websites requires users to have an account to use their services. These accounts often store sensitive information such as credit card and social security numbers, home addresses and, of course, banking records.
While there is little that can be done from a user perspective to prevent data breaches from websites, there are ways to protect yourself from cyber threats, including using strong and unique passwords.
How to Make Strong Passwords
Passwords can be rated on a scale from weak to strong. This rating measures how easy it would be for someone, with a computer to assist, to guess your password. For example, a password like “password1” or “spring2023!” could be cracked almost immediately. On the other hand, the password “h8c&jxe&_6xr7” could take upwards of 12,000 years to guess.
To make strong passwords, keep these tips in mind:
- The longer the better. Having a long password is the best way to prevent cybercriminals from using software to “brute force” a password by trying as many variations as possible.
- Mix in multiple special characters. When it comes to passwords, complexity is key. The more varied and seemingly random a password is, the harder it is to crack. Using repeated letters or characters is not recommended.
- Never use common words. While it may be tempting to use words and phrases in your passwords as they are easier to remember, these passwords are vulnerable to dictionary attacks. This is where a cybercriminal can compare a stolen password database to a dictionary of words and use the comparison to figure out pieces of your password.
- Never use personal information. Just as you don’t want to use common words in your password, you also should avoid putting personal information in your password. This makes it easy for bad actors to use social engineering and find places where you may have freely given info like pet names, street names, or spouse names, hoping that they were used in a password.
The best passwords are between sixteen and twenty characters long and are a random string of letters, numbers, and symbols. They should also never be reused, as that means any account that uses that password is only as protected as the least secure service.
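The tips above can be turned into a small checker and generator. The Python below is an added example, not part of the original article: the word list is a constructed sample, and the function names and the 94-character alphabet are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list; a real check would use a far larger wordlist.
COMMON_WORDS = {"password", "spring", "summer", "welcome", "qwerty", "letmein"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable characters


def search_space_bits(password):
    """Brute-force upper bound: length * log2(size of the character pool used)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(password, personal_info=()):
    """Return which of the tips above the password breaks (empty list = none)."""
    lowered = password.lower()
    problems = []
    if len(password) < 16:
        problems.append("too short")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("common word")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("personal information")
    return problems


def generate_password(length=18):
    """Random 16-20 character password; redraw until it passes audit()."""
    if not 16 <= length <= 20:
        raise ValueError("length must be between 16 and 20")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password1", "spring2023!", generate_password()):
        print(f"{sample!r}: {search_space_bits(sample):.0f} bits, {audit(sample)}")
```

The bit count only reflects length and character variety, so “spring2023!” scores about 67 bits even though it contains a dictionary word; the audit is what catches that.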
How to Keep Your Passwords Safe
Now that your passwords are secure, you must be able to use them effectively, while maintaining that same level of security. While it can be overwhelming to try to maintain a long, unique, and random password for each account you may have, there are ways to keep yourself organized, and not fall back into bad password habits.
Keeping a physical copy of your passwords in a notebook can be a good idea, with some caveats. If you were to lose access to the device that you log into, you would still be able to log into all your accounts from any other device.
However, this book should not be kept with your computer, where it could be easily picked up by any passerby. Ideally, it should be kept in some kind of lockbox for emergency use only. Passwords should never be kept on sticky notes attached to the monitor and should not be kept in digital form in a notes app, as both of these methods come with major security risks should the notes be lost or stolen.
There are ways to keep digital copies of your passwords that don’t compromise their security. Password managing software can be used to store accounts, generate new strong passwords, and even automatically fill in the passwords on sites that support it. While there are paid services that provide these functions, such as 1Password or Dashlane, most major browsers also offer built-in password management. It is important to note that these types of software are not immune to data breaches themselves, so it is important to do your research and find a service that you trust to hold all your passwords, especially if the service offers the ability to sync passwords across devices.
Finally, it is recommended that you change your password every six months. This may seem daunting if you have hundreds of passwords, but it can be made easier. If you are using a password manager, many of them offer password generators to create and replace passwords. You can also update your passwords in batches, a handful every month or so, so that no password stays the same for more than a year.
A side benefit of regularly updating passwords is that by the time organizations announce that they were the victims of a data breach, your password may already be changed from what was stolen.
Other Ways to Keep Your Data Secure
While having a strong password is essential to keeping your data safe, there are other methods that should be used alongside it to add layers of protection.
Two-factor authentication (often referred to as 2FA or MFA for multi-factor authentication) is a security method where a secondary form of authentication is required to access a service. This way, if a cybercriminal were to gain access to your password, they still would not be able to log in without your approval. Most commonly, it comes in the form of receiving a code in text message or email form. Other methods include biometric authentication, such as fingerprint or face scanning, or having a physical USB key plugged into the device you are attempting to access.
While two-factor authentication is not universal to all websites, nearly all major platforms offer 2FA as an option for users to protect themselves. It is highly recommended that you enable it on any platforms that you use, as it can help you prevent a malicious actor from gaining access to potentially sensitive data, even if they somehow gain access to your passwords.
As the world moves increasingly online, the need to be aware of security vulnerabilities online also increases. The best thing to do is to keep yourself and those around you educated on how to stay safe online. Be aware of risks, and if a link, a chat, or a call feels suspicious, you do not have to give any data that you don’t feel comfortable giving out. To learn more about keeping yourself safe, visit our Privacy and Security page or read our other security blogs.