2021 Secure Your Digital Footprint Roadmap - Next Stop, Passwords!
On this stop we will investigate how to increase password security and reduce the risk of compromising passwords. This is known as password hardening. Passwords are a key access element between your account and hackers. For this reason, your passwords are a prized commodity with hackers and are compiled into databases they use to attack accounts. If you implement these best practices and avoid some bad password habits, the result will be hardened passwords. However, keep in mind with sometime given all your best-efforts hackers may get your password(s). Do not worry, in the last section of today’s stop we will discuss what to do if your passwords are compromised.
Create a password system!
Before we get into specific tactics to harden passwords it is a good idea to think about your current system of keeping track of your passwords. A password system can be as simple as a notebook you keep secured or as high tech as a password manager that keeps a secure digital record. Whatever system you choose should only be accessible by you, easy to use and update, and if digital should be secured with a very strong password or biometric encryption (thumb print or facial recognition for example).
Password best practices
These best practices for password hardening are essential to have strong secure passwords.
· Rememberable – Using a password phrase is much easier to remember than a word with a mix of capital letters, numbers, and special characters.
· Length and Complexity – Complexity considers how long the password is, and the types of characters used. Strong passwords are at least 16 characters long and have a mix of characters (capital letters, numbers, and special characters like an exclamation mark). Recently experts have advised that length is more important than how complex the characters are. For example, the password “0r$g0n!” is less secure than “I like the state of Oregon!”. The first password is seven characters long and the second is twenty-seven characters long. The first would take just over 5 days for a password cracker to break while the second has too many characters to be cracked (a password cracker is a piece of software that tries to guess your password).
· Use Multifactor Authentication (MFA) – If available you should turn on MFA on all accounts. MFA is a second step authentication (answer an established security question, code sent to you via text or email, or a token generator). MFA adds another level of security that protects you if someone is trying to guess your password or evens access your account.
· Update passwords regularly – best practice is to change your password at least every three months, for all accounts. Updating passwords is not the most enjoyable of tasks but is the best proactive step you can take to keep your accounts secure.
Password bad habits you should break.
· Reusing passwords – do not use the same password for multiple accounts. This is where the password system you develop is very helpful. If someone gets your password, then every account with that password is vulnerable.
· Using “Remember me” option – having your internet browser save your password for a website stores that password on your computer and is easily found if your device is compromised. Also, if anyone gets possession of your device, they have unobstructed access to your account.
· Sharing passwords – sharing passwords increases your chances your password could fall into the wrong hands. There are times when sharing a password is merited, such as a Wi-Fi password, ensure you trust those you share the password with.
· Creating passwords with personal information in them – more and more of our information is now in digital form. The result is that hackers can accumulate databases of this information. If a password is created with personal information such as a spouse of child, this could lead to the account being hacked much easier.
What to do if your password is compromised?
Your immediate action should be to change your password. This will lock out anyone who may have gained access. Second, check your account settings and make sure your contact information is accurate. Third step is to review your account and make sure no unauthorized actions have been done.