There was a time when people needed passwords only if they were trying to get past the sentry in an old war movie. Simpler times indeed. Now as both our business and personal lives move to the cloud, you can’t even watch that war movie on Netflix without a password.
With cybercrime on the increase – perhaps the understatement of the year – revisiting your online passwords is a good idea, and one that might prevent identity theft on the personal side of the ledger, or a ransomware attack or other data theft at your business.
Everyone knows you should use “strong” passwords, but what exactly does that mean? Let’s take a look:
Make the password at least 12 characters long. The longer the better, and the reason is simple math: each additional character multiplies the number of combinations an attacker has to try, which makes the password that much harder to crack.
Include numbers, capital letters and symbols. Even if that particular website isn’t picky about having one of each in your password, you should be.
Don’t use dictionary words. A word that can be looked up in the dictionary is more easily found by a hacker, or by the software they use to guess at passwords.
Consider passphrases: How are you supposed to have any hope of remembering your own passwords if you follow those first three rules? Think about using a passphrase. For example, take a phrase such as “I went to Lincoln Middle School in 2004” and use the initial of each word, swapping in a number or symbol where it fits, like this: Iw2LMSi#2004. Much easier for you to remember than a random string of characters, and much harder for a hacker to guess than “LincolnMiddle04.”
Don’t post it in plain sight. Not all bad guys are online. Don’t test the honesty of cleaning service personnel and others by writing your password on a sticky note and putting it on your monitor or in your top desk drawer (don’t laugh, we still see this all the time).
Don’t reuse passwords. You should have a unique password for each website or account. At the very least, use a separate one for each category of application (email, social media, business, financial, etc.). But unique passwords are best. If that sounds like too much trouble …
Consider a password manager. There are multiple web services and programs that will manage all those strong passwords for you and even automatically enter them. You simply need to remember one master password to access the service.
Think about multi-factor authentication. When a site or account offers it, set up multi-factor authentication, which requires you to also enter a code emailed or texted to your mobile device. Yes, it’s a pain. But it ensures that no one can access that account unless they have your phone as well. Don’t be surprised if your employer begins to require this for any work-related logins.
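The length, character-mix, dictionary-word and reuse rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names and the tiny word list are assumptions made for illustration, and a real check would load a full dictionary.

```python
import math
import string

MIN_LENGTH = 12  # the article's minimum length
# Constructed sample word list (assumption); real tools use a full dictionary.
SAMPLE_WORDS = {"password", "lincoln", "middle", "school", "welcome", "dragon"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size a brute-force guesser must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the brute-force search space: length * log2(alphabet size).

    This is an upper bound that only holds for randomly chosen characters;
    a password built from words or patterns is guessed far sooner.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, others_in_use=(), words=SAMPLE_WORDS):
    """Return the list of the article's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    lowered = password.lower()
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    if password in others_in_use:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    # The two example passwords come from the article's passphrase tip.
    for candidate in ("Iw2LMSi#2004", "LincolnMiddle04"):
        print(candidate, round(search_space_bits(candidate), 1),
              check_password(candidate) or "passes every rule")
```

An empty result means only that none of these rules was broken; it says nothing about whether the password has already appeared in a breach.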
There’s no ‘perfect’ in cybersecurity. But basic best practices like these will usually make a hacker move on to an easier target.
Want to know more about protecting your business from cyber threats, or interested in a free dark web scan? Contact Hill Tech Solutions.