24 November is ‘National Check Your Passwords Day’. This day was created by Tweakers several years ago. Unfortunately, it is still necessary to draw attention to strong passwords and proper password use. Just imagine: how many data breaches could have been prevented if employees had used strong passwords? Or if they had not shared their passwords? Proper password use can prevent a lot of harm. We will share 8 tips for creating a secure password.
Size, special characters and capital letters matter
We use a lot of passwords every day, both privately and professionally. Research shows that passwords like ‘welcome123’, ‘november2022’ and ‘password123’ are still used way too often. The reasons, among others, are ignorance and complacency; these kinds of passwords are easy to remember after all.
Most organizations have now set requirements for the makeup and length of passwords. A required number of characters, together with required variation between lowercase letters, uppercase letters and special characters, has become pretty common. Unfortunately, we still see organizations that think they are safe with twelve-character passwords.
Which risks are manageable?
The strength of passwords or any alternative authentication system must be in proportion to the value of the system that requires protection. Decide which risks you want to manage, and what kind of password or other access security, like two-factor authentication, is best suited. An important lesson, for example, is ‘make sure not to get hacked’. If one of the most common ways of stealing passwords is ‘keystroke logging malware’, we need to focus on preventing malware from getting onto computers. Another danger we frequently encounter in the field is the sharing of passwords. Usually it is someone in a higher position who asks for a password. At that point it no longer matters how complex you have made your password.
Also take a moment to think about employees who frequently travel abroad. What happens when they log on to their accounts on a computer that is not theirs, like a public computer in a hotel lobby? Or in countries where digital surveillance is a lot more widespread than in Europe?
An automatic password reset that uses personal questions also poses a risk. These questions are nothing more than another password themselves. If the answers to these questions can be found on the Internet (e.g. on Facebook or LinkedIn), the current password can easily be exploited.
Passphrases: a great start
Together we need to get rid of the standard, short passwords with characters that are difficult to remember. Instead, start using password phrases: ‘passphrases’. The longer the password, the more secure it is. Use sentences that are easy for you to remember, but cannot easily be guessed by others. This way it will be easy to create long passwords.
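A check along these lines can run when a password is set, or locally over your own list of accounts. The following is an added example, not part of the original article: it flags the predictable shapes mentioned above (a common word plus digits, a month plus a year), short passwords and reuse across accounts. The word list, the 20-character threshold, the function names and the sample accounts are assumptions made for this example.

```python
import re
from collections import defaultdict

MONTHS = ("january|february|march|april|may|june|july|august|"
          "september|october|november|december")
# Small illustrative list; a real policy would load a much larger one (assumption).
COMMON_WORDS = {"welcome", "password", "admin", "letmein", "qwerty"}
MIN_LENGTH = 20  # hypothetical passphrase threshold chosen for this example


def weaknesses(password):
    """Return the reasons a single password is predictable (empty list = none found)."""
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("short")
    # Shape like 'november2022': month name followed by a four-digit year.
    if re.fullmatch(rf"({MONTHS})\W?(19|20)\d\d", lowered):
        found.append("month+year")
    # Shape like 'welcome123': well-known word followed by a few digits.
    base = re.fullmatch(r"([a-z]+)\d{1,4}\W?", lowered)
    if base and base.group(1) in COMMON_WORDS:
        found.append("common word+digits")
    return found


def audit(accounts):
    """Map each account name to its findings, including reuse across accounts."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    report = {}
    for account, password in accounts.items():
        found = weaknesses(password)
        if len(by_password[password]) > 1:
            found.append("reused")
        report[account] = found
    return report


# Constructed sample data: account names are made up, passwords are the
# examples quoted in this article.
SAMPLE = {
    "mail": "welcome123",
    "hr-portal": "november2022",
    "crm": "welcome123",
    "vault": "IfEveryThingIsAMatterOfLuck",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(f"{account}: {', '.join(findings) or 'no findings'}")
```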
8 Tips for creating a secure password
In honor of ‘National Check Your Passwords Day’ we will provide you with 8 tips for creating a secure password.
Tip 1: What is your favorite?
- Make sure that your password can easily be remembered by you, but is difficult for others to guess. Take something you like, such as your favorite book or movie.
Tip 2: Use long password phrases: passphrases
- Use long password phrases. For example, a quote from that favorite book or movie of yours. Not a short one like ‘Illbeback’, but a long phrase such as ‘IfEveryThingIsAMatterOfLuck’, which is 27 characters long and hard for cyber criminals to guess.
Tip 3: Unique password for every account
- Use a unique password for every account. That way, if one of your accounts is compromised, the password cannot be used to gain access to another account.
Tip 4: Sharing is not caring, in this case
- Never share your password. Not even with a trusted acquaintance or someone at your workplace with a higher position.
Tip 5: Don’t save passwords in your browser
- Do not save passwords in your browser or by ticking the application’s ‘save password’ box, especially on computer systems that are used by several people.
Tip 6: Use a password vault
- Use a password vault to securely store all of your passwords. All you will have to do is remember one very strong password: the password to gain access to your vault. We see that a lot of organizations use password managers like KeePass or 1Password.
Tip 7: Change passwords regularly
- Regularly change your passwords. Extra-long password phrases do not have to be changed as often as short passwords. Just think about it: twenty years ago it took 90 days to crack a password of 12 characters; with current technology that only takes a couple of hours. So, use password phrases that are easy for you to remember, but long enough that they cannot be cracked quickly.
Tip 8: Use Multi-Factor Authentication
- If possible, use Multi-Factor Authentication. If your password is leaked in a data breach, your information is still safe. After all, the standard part, which is the password you are using, is supplemented with a unique code that can only be used for a limited period of time.
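How such a time-limited code works can be shown with TOTP (RFC 6238), one widely used scheme; the article does not name a specific one, so that choice is an assumption. This is an added example, not part of the original article: the server accepts a login only when both the password and the current code match, and a code stops working once its time window has passed. The secret is the RFC's published test secret; the password, salt and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays current (RFC 6238 default)


def totp(secret, unix_time, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def verify_login(stored_hash, salt, secret, password, code, now, drift_steps=1):
    """Both factors must match; the code is accepted only near its time step."""
    password_ok = hmac.compare_digest(stored_hash, hash_password(password, salt))
    code_ok = any(
        hmac.compare_digest(totp(secret, now + d * STEP).encode(), code.encode())
        for d in range(-drift_steps, drift_steps + 1)
    )
    return password_ok and code_ok


# Constructed sample values for the demonstration.
SECRET = b"12345678901234567890"        # test secret published in RFC 6238
SALT = b"constructed-salt"
STORED = hash_password("IfEveryThingIsAMatterOfLuck", SALT)

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("password + fresh code:",
          verify_login(STORED, SALT, SECRET, "IfEveryThingIsAMatterOfLuck", code, 59))
    print("leaked password + stale code:",
          verify_login(STORED, SALT, SECRET, "IfEveryThingIsAMatterOfLuck", code, 59 + 90))
```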
The holidays are coming up, which is a great time to turn all of your passwords into unique passphrases. We wish you happy holidays and a cyber secure year!