Have you updated your passwords recently? World Password Day comes in May every year to remind us of the importance of updating and improving passwords and security practices online. This year, we learned a few key statistics that highlighted how important it is to protect your information online. According to PCWorld, data breaches are occurring more often (4 large breaches have already occurred in 2019), and their impacts are growing as well.
Those with more online accounts (including on websites, phone applications and internet-connected devices) should also take care to create a unique username and password for each account because a larger online footprint exposes them to more risk. In this post, we’ll give some tips for reducing bad habits (browser-saved passwords, stay-logged-in options, the same password for multiple accounts) and suggest some tools that can help.
First Line of Defense: Creating a Strong Password
Your first line of defense for the security of your data is your password. This matters for every login you have – not only the ones that have financial or other sensitive information. If hackers can simply get your email, they have one more entryway into your data. Here are some of the steps to creating a strong password:
Avoid Public Details: Nicknames, birthdays, quotes, and pets are all readily available to hackers via social media or other online databases. This provides a shortcut to finding your password, even if you add digits to the end. Password cracking programs have no trouble finding the right digits. Instead of using these details as your base, use random strings of words and numbers – you can even make up a saying to help yourself remember.
Make Every Password Complex: Your password should be more than 8 characters and use a mix of lowercase, uppercase, digits and punctuation. According to Sophos, a password cracker can find even 8-character passwords in a matter of seconds, so passwords of at least 14 characters can help keep information safe.
Create a Unique Password for Each Account: The World Password Day group recommends the 1:1 approach, meaning using a unique password for every site (and not just changing out the digits after the base password). The organization also recommends against saving your password in your browser (which could be used by someone who gained remote access to your computer).
In addition, many social media sites such as Facebook or Twitter allow you to log in to external apps or sites using your social media credentials. Large social media sites like these are prime targets for breaches, so avoid linking online accounts to them if possible.
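The three steps above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that flags passwords shorter than the 14 characters suggested above, passwords missing a character class, passwords built on a public detail, and passwords that share a base with another account and differ only in trailing digits. The account names, passwords and public details are constructed sample data.

```python
import re

MIN_LENGTH = 14  # minimum length suggested in the post
CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]

def base_of(password):
    """Lowercase the password and strip trailing digits and punctuation."""
    return re.sub(r"[\W\d_]+$", "", password).lower()

def audit(accounts, public_details):
    """Return {account: [problems]} for a dict of account -> password."""
    findings = {name: [] for name in accounts}
    first_with_base = {}
    for name, pw in accounts.items():
        problems = findings[name]
        if len(pw) < MIN_LENGTH:
            problems.append("shorter than 14 characters")
        if not all(re.search(c, pw) for c in CLASSES):
            problems.append("missing a character class")
        if any(d.lower() in pw.lower() for d in public_details):
            problems.append("built on a public detail")
        # Passwords that differ only in trailing digits share a base.
        base = base_of(pw) or pw.lower()
        if base in first_with_base:
            other = first_with_base[base]
            problems.append(f"same base as {other}")
            findings[other].append(f"same base as {name}")
        else:
            first_with_base[base] = name
    return findings

# Constructed sample data: a pet name reused with a changing year,
# and one long random-word password.
SAMPLE_ACCOUNTS = {
    "email": "Rex2015!",
    "bank": "Rex2016!",
    "forum": "plum-Kettle7-orbit-shade",
}
SAMPLE_PUBLIC_DETAILS = ["rex", "1990"]

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS, SAMPLE_PUBLIC_DETAILS).items():
        print(account, "->", problems or "ok")
```
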
Use a Password Manager
One way to make creating and remembering complex passwords more convenient is to use a password manager. This is a program on your phone that will generate passwords for you and keep them all in one place. The advantages of a password manager are twofold: it both creates and stores passwords for you, so you don’t have to remember the random strings of letters and numbers that you have for each online account. Some examples of password managers include LastPass, KeePass, and 1Password. Remember, you need a strong password for your password manager.
Using Two-Factor Authentication
Lastly, use two-factor authentication, also called multi-factor authentication (MFA), on all sites where it is available. MFA drastically reduces the risk of a breach by adding another layer of security. Often, you have your phone or other device with you anyway, so it is not only safer to use MFA, but also equally convenient. One of the main goals of World Password Day is to encourage people to “layer up” security by using two-factor authentication.
Two-factor authentication is another layer of security that is added after you enter your password before you can access your account. It can work in a number of ways:
Single-use code: A single-use code is the most prominent form of two-factor authentication – the site will generate a single-use code that is personal to you and send it via SMS or email to your mobile device. These single-use codes work very well for security because they make it possible for the site to better ensure that the proper user is logging in. They also expire after a matter of minutes.
Biometric ID: Most new smartphones and many computers now have biometric IDs such as fingerprint or facial recognition. Adding this as an additional step can also help keep you safe.
USB Token: This is the least common, and uses a USB device to provide a second layer of authentication after the password is entered on the site.
Not every website or application uses two-factor authentication, but you can view those that do and encourage more companies to use it at twofactorauth.org. For those that do, you’ll need to enable it. When you first log in to an online account, you can typically choose two-factor authentication as an option. Many sites also provide reminders or updates that will allow you to enable it. Usually, you can find these in the settings section of your account, under the security/passwords section.
World Password Day comes around once a year, but what we learn can and should be used all the time. Practice these three tips and you can help ensure your information remains safer from online threats.