Passwords are an essential aspect of our online security. From banking to social media accounts, passwords are used to keep our sensitive information safe from cyber threats. However, many of us still use weak and easily guessed passwords, putting our accounts at risk. Keep reading to learn how to create and manage your passwords effectively to keep your online identity safe.
Best practices to have strong passwords
Nowadays, we use passwords almost everywhere online, don’t we? A topic this common cannot be ignored, so it is worth spending a few moments on it now to avoid regretting the consequences later, and those consequences are not hard to come by.
Popular places where we use our passwords include banks, email and social media accounts. Typically, the passwords we create have a simple structure and consist of only a few characters. To get to grips with strong passwords, it is worth starting our journey by answering the question: what exactly is a strong password?
According to the NIST Guidelines, there are several important points to follow regarding strong passwords.
Use a minimum of eight characters
A key factor to start with is the length of your password. NIST recommends that all user-generated passwords should have at least 8 characters. To illustrate why password length matters, see the image below, which shows the average time it takes to hack a password in 2022, depending on the number of characters:
Combine various characters
As shown above, the sequence of characters also matters and is included in the NIST document. Users should avoid repeated characters and simple words containing only numbers or lowercase letters. Ideally, a strong password is a combination of several character types, such as numbers, symbols, and upper and lowercase letters.
Avoid the use of hints
The use of ‘hints’ should be avoided for passwords. This is quite popular in older Windows systems, where you could set a hint that was shown whenever you entered the wrong password. If a hacker has access to your machine and tries to log in, they probably also have information about you gathered from social media or obtained by so-called open-source intelligence (OSINT), so a hint may be all they need to guess the password.
Don’t use context-specific words
Furthermore, to keep your passwords safe, do not use context-specific words, which can give an attacker a clue, such as:
- Actual name or surname
- Name of your business
- Data of family members
- Date of birth
- Pet name
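The rules above (length, repeated characters, character mix, personal details) can be checked automatically before a password is accepted. The Python sketch below is an added example, not part of the original article; the thresholds, the look-alike table and the names check_password and personal_details are assumptions made for illustration.

```python
import re

MIN_LENGTH = 8          # minimum length given in the article
MIN_CLASSES = 3         # assumption: at least 3 of 4 character types
# Assumption: undo common look-alike substitutions before comparing.
LOOKALIKES = str.maketrans("034@5$71l!", "oeaasstiii")

def normalize(text):
    """Case-fold, undo look-alike substitutions, keep letters and digits only."""
    folded = text.casefold().translate(LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalnum())

def check_password(password, personal_details):
    """Return the list of rules the password breaks (empty list = none).

    personal_details maps a label (e.g. "pet name") to the user's value.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Assumption: "repeated characters" = same character 3+ times in a row.
    if re.search(r"(.)\1\1", password):
        problems.append("repeated characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append("too few character types")
    candidate = normalize(password)
    for label, value in personal_details.items():
        # Split "12/03/1990" or "Anna Nowak" into tokens; skip very short ones.
        tokens = [normalize(t) for t in re.split(r"[\W_]+", value)]
        if any(len(t) >= 3 and t in candidate for t in tokens):
            problems.append(f"contains {label}")
    return problems

if __name__ == "__main__":
    # Constructed sample data, not real user details.
    details = {"pet name": "Rex", "date of birth": "12/03/1990"}
    for pw in ("Rex1990!", "aaa", "c0rrect-H0rse-Staple"):
        print(pw, "->", check_password(pw, details) or "ok")
```

Because both sides are normalized the same way, a password such as "M1l@n#2024xY" is still flagged for a user whose name is "Milan".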
Use unique passwords
Using unique passwords for each of your online accounts is also a great solution because it limits what an attacker can do once they gain access to one of your accounts. Your other accounts stay better protected.
If you decide to improve your password security, it is impossible not to mention a tool like a password manager, which helps you keep your passwords in one place so that you don’t have to remember all the complicated sequences of characters you have set. For a password manager, you need to have a so-called master password. However, you can also enable two-factor authentication or biometric authentication, such as a fingerprint or face scan, for added security.
By taking these steps, you can protect your online security and keep your sensitive information safe from cyber threats. Nevertheless, a strong password is sometimes not enough to fully protect your accounts. To increase protection, you may consider taking additional measures, such as:
- Enabling Two-Factor authentication,
- Using a reputable antivirus program,
- Keeping your software up to date.
If you realize that your password has been leaked (there are many possibilities, one of which is a breach of your provider/supplier/company data), do not hesitate to change to a new, strong password according to the above-mentioned rules. To check whether your account has been exposed in any data breaches, you can use the Have I Been Pwned tool.
No security features can replace the human factor that is crucial when it comes to passwords. Remember not to share your passwords with anyone, even if the source of the request seems to be trusted – a bank or other public institutions will never ask you for your credentials. If you receive such a request, be aware that it may be a scam.
From an employee’s perspective, having a secure password creates a safer working environment and increases your value to the company. A cyber-conscious and safe world equals a happy world. Stay secure!