Password Security — The Best Practices to Ensure Safety

Passwords provide the first line of defense against unauthorized access to your computer and personal information. It makes sense, then, that you would aim to have a highly secured password. However — due to advanced technology and the increasingly intelligent cybercriminal space — even your everyday password is at risk.  

According to the 2021 Verizon Data Breach Investigations Report, credentials are the primary means by which a bad actor hacks into an organization — with 61percent of breaches attributed to leveraged credentials. Fortunately, following several best practices can help you in this process, and ensure protection against cyber attacks.  

‍

‍

Password Best Practices  

Although creating passwords can be a pain, strong ones are also a necessary means of defense against hackers who will stop at nothing to gain access to your accounts. It’s worth the time and effort to keep hackers off-balance.  

Some of the ways in which to do so include: 

Enable two-factor (2FA) or multi-factor authentication (MFA). Perhaps the most important technique, this extra layer of security means anyone attempting to log into your account (yourself included) will need to control those additional authentication factors outside of username and password. Sometimes referred to as two-step verification or dual-factor authentication, it is a security process in which users provide two different authentication factors to verify themselves.

Don’t use Dictionary words. Avoiding dictionary words can help prevent you or your business from being a victim of a dictionary attack. A dictionary attack is a brute-force technique where attackers run through common words and phrases, like those from a dictionary or basic keyboard patterns such as 12345 to guess passwords. 

Don’t use personally identifiable information. Use a passphrase instead. Try using a passphrase for your password; a series of words that are easy to remember, but hard to guess. Passphrases generally tend to be longer and more complex than the average password, which increases overall security. 

Use different passwords for every account. Using a unique password for all your online accounts may seem like much work at first, but keeping your information safe from cyber criminals is worth the effort. When using the same password for multiple sties, it only takes one data breach to compromise all of your accounts.

Avoid storing passwords, in electronic or paper documents. Avoid storing passwords, as this information can be stolen by those with malicious intent. When passwords are stored in unecrypted electronic formats, such as a word document or excel spreadsheet – or on paper, such as a notebook or sticky note – they can be easily stolen by someone with malicious intent. This problem is magnified when the electronic documents are stored on an internet accessible cloud service such as OneDrive or Google Drive. If you’re having difficulty remember passwords, you can always try using a password manager instead. 

Use a password manager. Utilizing a password manager is one of the top safety practices recommended by security experts, yet only 39% of consumers use one. A password manager is a software application designed to securely store and manage online credentials as well as generate passwords. These passwords are stored in an encrypted database and locked behind a master password. The programs are designed so that even the service owners can see your passwords.

‍

‍

Why the Length of your Password Matters

Google studies state that 75% of users find it difficult to manage their passwords; thus, they resort to common passwords. According to the Center for Internet Security (CIS), length is the most important element of a good password. The single best thing you can do to make your password more secure - other than enable MFA- is to increase it’s length.

NIST now recommends a password policy that requires all user-created passwords to be at least 8 characters in length, and all machine-generated passwords to be at least 6 characters in length. It’s also recommended to allow passwords to be at least 64 characters as a maximum length. This allows users additional protection where needed. 

The longer the password, the longer it will take to crack.When a password cracker has more characters to fill when attempting to guess the correct password, it’s exponentially less likely to get it right. 

The Takeaway 

While technology in many ways works to make our lives easier, every new website and application we sign up for is another password we must remember. Strong passwords help prevent unauthorized access to your electronic accounts and devices. To ensure protection against cybersecurity risks, taking steps toward stronger security is essential.  

Enabling two-factor authentication is the best way to protect your accounts - especially in the case of a data breach. During a data breach, this additional credential can keep your data safe because to access an account, someone will need a factor that belongs specifically to you. 

Our team at Riverstrong is always working to ensure cybersecurity best practices, and we encourage you to learn more about how we can help you! Connect with us today!