What Makes for a Good Password

What Makes For A Strong Password?

Tech Tuesday

It all starts with a strong password. We all have more passwords than we care to have. It might sound simplistic, but strong passwords are a MUST for protecting our identity, reputation, and assets in this digital age.

The Composition of a Good Password

  • A four-character password is much weaker than an 8- to 12-character password. A good rule of thumb is never to use a password shorter than eight characters, and to include both numbers and symbols.
  • In no way should you use the default password.
  • Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try dictionary words to guess your password. The less your password looks like a dictionary word, the less likely someone is to guess it.
  • ALWAYS include numbers and special characters.
  • Avoid repeated numbers, characters or sequences such as 123456789, 11111111, or aaaaaaaa.
  • Never use the user name, or any combination of it, as your password. Don’t use your domain name as your password either.
  • Don’t use look-alike substitutions like “P@55W0RD” or “n0t@home”.
  • Use the entire keyboard, and try to use the less common keys.
  • Use different passwords for different accounts. If you use the same password for all of your accounts, you may find several of your accounts compromised simultaneously.
  • Never, ever use a blank password.
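As an added example (not code from the original article), the checklist above expressed as a Python function that reports which of the rules a candidate password breaks. The dictionary and default-password lists are small constructed stand-ins, and the look-alike map only covers the common substitutions:

```python
import re

# Constructed stand-ins for real wordlists (an assumption of this example; a
# production checker would load a full dictionary and a breached-password list).
DICTIONARY = {"password", "vacation", "welcome", "letmein", "summer", "admin"}
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "default", "12345678"}

# Undo the look-alike substitutions the article warns about, so that
# "P@55W0RD" is recognised as the dictionary word "password".
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})


def _has_sequence(s: str, n: int) -> bool:
    """True if s contains n consecutive characters stepping up or down by one (e.g. 1234, dcba)."""
    for i in range(len(s) - n + 1):
        codes = [ord(c) for c in s[i:i + n]]
        if {b - a for a, b in zip(codes, codes[1:])} in ({1}, {-1}):
            return True
    return False


def check_password(password: str, username: str = "", domain: str = "") -> list:
    """Return the article's rules that `password` breaks; an empty list means it passes."""
    if not password:
        return ["blank password"]
    problems = []
    lower = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if lower in DEFAULT_PASSWORDS:
        problems.append("default password")
    if lower in DICTIONARY:
        problems.append("dictionary word")
    elif lower.translate(LEET_MAP) in DICTIONARY:
        problems.append("look-alike substitution of a dictionary word")
    # aaaaaaaa / 11111111 (one character four or more times) or 123456789-style runs
    if re.search(r"(.)\1{3,}", password) or _has_sequence(lower, 4):
        problems.append("repeated character or sequence")
    # Neither the user name nor the domain name (its first label, e.g. "example"
    # of example.com) may appear anywhere inside the password.
    for label, value in (("user name", username), ("domain name", domain)):
        stem = value.lower().split(".")[0]
        if stem and stem in lower:
            problems.append(f"contains the {label}")
    return problems
```

Run against the article's own examples, "P@55W0RD" is flagged as a disguised dictionary word while "!4scOrE&s*efdNYeaRs_Pu0" passes every rule.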

Change Passwords Regularly

Examples of strong passwords are:

A combination of several words that aren’t themselves a word interspersed with special characters (e.g., !4scOrE&s*efdNYeaRs_Pu0)

A word with digits of a memorable date sprinkled inside it (e.g., vacation -> 0vac2a0t9io19ln99)

Stay away from the obvious. Come up with unique passwords that do not include any personal information such as your name, street, city or date of birth.

Keep Your Passwords Safe

Ideally, you would never write down your passwords, but it is becoming difficult to do with so many accounts. If you have to write them down, keep them locked in a safe or some other secure environment. Passwords on Post It notes are a recipe for disaster. Don’t do it!

Avoid typing your password on public computers or public Wi-Fi. Unfortunately, many public computers have been compromised, leaving their users exposed to malicious keystroke-logging software.

If someone has to use one of your accounts, log them in instead of sharing your password. Don’t give out your password over the phone unless you have initiated the phone call. Telephone conversations are not considered secure. Neither are online chat, email, or instant messaging.

Change your passwords regularly. A new password every 45 days is a good practice. Having the same passwords for years is a weak security practice. Set yourself reminders in your calendar. Make it a routine procedure. You’ll see that after a few months, it becomes a habit.

Are Your Passwords For Sale?

Beyond the risk of having your password cracked, cybercriminals may simply buy your passwords off the dark web. Yes, there is a marketplace for buying people’s passwords, and that is precisely why you need to change your passwords frequently. When there is a data breach on some website you use, your email and password are likely to end up for sale on the dark web.

Other Risks:

Outdated or No Anti-Virus: Make sure you use a firewall and virus protection on your machine. Non-existent or outdated virus protection makes you many times more likely to lose your passwords to cybercriminals.

Phishing: Another popular method of obtaining your password is “phishing”. Cybercriminals try to trick, intimidate, or pressure you through social engineering into unwittingly doing what they want. A phishing email may tell you (falsely) that there’s something wrong with your credit card account. It will direct you to click a link, which takes you to a phony website built to resemble your credit card company’s, where you are asked to log in. Once you do that, they have your valuable email and password combination.

Check for SSL (https): Does the address bar show https, indicating an encrypted connection? That helps keep your password from being read in transit when you enter it online. However, just because you see the https lock doesn’t mean the site is 100% safe.

Use Two-Factor Authentication Where Possible

Two-factor authentication (2FA) and multi-factor authentication (MFA) add an extra layer of protection (which becomes your first layer of protection should your account details ever get leaked). They require something in addition to a password, such as a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or a physical token. This way, however simple or complex your password is, it’s only half of the puzzle.

No matter how strong your password, malware such as keyloggers can capture it, and using an open WiFi hotspot without proper security could be the moral equivalent of writing your password on the wall for all to see.

Password managers such as Bitwarden and LastPass will remember your complex passwords to make life easier. You will just have to remember a solid master password (that you update regularly) or use biometrics to unlock the filling-in of your passwords on various website and app login screens. Moreover, they can generate super-complicated, extra-long passwords that are far more difficult to crack than any password a human might come up with.

Use Common Sense:

Protect your login information further with these common-sense, high-security tips:

  • Use a VPN when on public Wi-Fi. That way, when you log into accounts, no one is intercepting your username and password.
  • Never text or email anyone your password.
  • When selecting security questions while creating an account, choose hard-to-guess options to which only you know the answer.

If you give your password to a family member or friend, you should change it after they are done accessing the software or account. You never know where your password information may accidentally end up.

Remind your family and friends to protect themselves too. Breaches continue to happen, so just by sharing this information with friends and family, you will be helping them to protect themselves in this scary digital age.

For a more technical overview of password and multi-factor authentication, the National Institute of Standards and Technology (NIST) has published a very comprehensive document for IT professionals to follow when creating a standard for password policies for their clients. Read it here

Tech Tuesday is heard each Tuesday on Mix102.5 with Big Poppa and CCNY Tech Engineer Jake Sears. CCNY Tech has been an IT Hardware Sales and Services company since 1988. Ten years ago, CCNY Tech added IT Asset Disposition to its offerings.
