Strong passwords are essential for online security, but you also need separate passwords that you can remember; otherwise, you may fall into the bad habit of using the same login credentials for many accounts. According to LogMeIn, the firm behind the LastPass password manager, if you count all of your social media, streaming, bank accounts, and applications, you might easily have 85 passwords.
If your data is stolen, weak passwords can have serious consequences, such as identity theft. In 2019, businesses reported a total of 5,183 data breaches that revealed personal information such as home addresses and login passwords, which may be easily misused to steal your identity or commit fraud. And that pales in comparison to the more than 555 million stolen credentials exposed on the dark web by hackers since 2017.
Most of us don’t yet have the protection of a post-password world. In the meantime, consider these recommended practices to reduce the danger of your data being exposed. Continue reading to find out how to create and maintain the best passwords, how to get notified if they are compromised, and one key tip for making your logins even safer. And here are three outdated password restrictions that are still in use today.
You can keep track of your passwords by using a password manager:
Passwords that are longer than eight characters, difficult to guess, and include a mix of letters, numbers, and special symbols are considered strong. They can be tough to remember, especially if you use a separate login for each site (which is recommended). In this case, password managers can be useful.
With the aid of a reputable password manager like 1Password or LastPass, you can create and store long, secure passwords. They are compatible with both your PC and your smartphone.
The only caveat is that you’ll have to remember a single master password to access all of your other accounts. As a consequence, make it as strong as possible (and see below for further information).
Password managers are built into browsers such as Google Chrome and Mozilla Firefox. However, our sister site TechRepublic is concerned about how browsers safeguard the passwords they store and suggests using a dedicated password manager instead.
Password managers, with their one master password, are attractive targets for hackers. And password managers aren’t without flaws. Last September, LastPass patched a bug that might have disclosed a customer’s credentials. To its credit, the firm was open about the possible weakness and the procedures it would take if hacked.
Yes, you can write down your login information. Really.
We know: This suggestion contradicts everything we’ve been taught about internet safety. However, password managers aren’t for everyone, and some renowned security experts, such as the Electronic Frontier Foundation, believe that writing down your login details on a real sheet of paper or in a notebook is a valid approach to keep track of your credentials.
And we’re talking about paper, not electronic documents like a Word file or a Google spreadsheet. If someone gains access to your computer or online accounts, they may also gain access to that electronic password file.
Of course, someone could get into your house and steal the passcodes to your whole life, but that seems unlikely. We recommend putting this sheet of paper in a secure location, such as a closed desk drawer or cabinet, and out of sight at work or home. Limit the number of persons who have access to your passwords, especially for financial sites.
If you travel frequently, physically carrying your passwords with you increases the danger of losing your notepad.
Find out whether your passwords have been stolen.
You can’t always prevent passwords from getting out, whether as a result of a data breach or a criminal hack. However, you may check at any moment for indications that your accounts have been hacked.
If any of your email addresses or passwords have been exposed as a result of a data breach, Mozilla’s Firefox Monitor and Google’s Password Checkup can alert you, so that you can take the necessary precautions. Have I Been Pwned will also tell you whether your email or password has been compromised. See our instructions on how to defend yourself if you think you’ve been hacked.
In your password, avoid using popular phrases and character combinations.
The idea is to come up with a password that no one else knows or can readily guess. Common terms like “password,” phrases like “mypassword,” and predictable letter sequences like “qwerty” or “thequickbrownfox” should all be avoided.
Avoid mentioning your name, nickname, pet’s name, birthday or anniversary, street name, or anything else connected to you that someone may learn about you via social media or an emotional conversation with a stranger on an aircraft or in a bar.
Passwords with more characters are preferable: A good beginning point is 8 characters.
When it comes to choosing a strong password, 8 characters is a good starting point, although longer logins are preferable. For enhanced security, the Electronic Frontier Foundation and security expert Brian Krebs, among others, recommend using a passphrase made up of three or four random words. A lengthy passphrase made up of unrelated terms can, on the other hand, be difficult to remember, which is why you should consider using a password manager.
Passwords should not be reused:
It bears emphasizing that reusing passwords across several accounts is a bad idea. If someone discovers your reused password for one account, they will have access to every other account for which you use that password.
The same is true for modifying a root password by adding a prefix or suffix, such as PasswordOne, PasswordTwo, and so forth (these are both bad for multiple reasons).
By creating a unique password for each account, hackers who gain access to one account cannot use it to gain access to all the others.
Avoid using passwords that have been known to be stolen.
Hackers can easily sneak into an account by using previously stolen or otherwise exposed passwords in automated login attempts known as credential stuffing. If you want to see if a password you’re thinking about using has already been compromised, go to Have I Been Pwned and input the password.
It is not necessary to update your password regularly.
For years, it was a customary practice to change your passwords every 60 to 90 days, because that was the time it took to crack a password.
Microsoft now advises against changing passwords periodically unless you fear they’ve been compromised. What’s the reason behind this? Many of us would adopt dangerous behaviors if we were forced to change our passwords every few months, such as generating easy-to-remember passwords, writing them down on sticky notes, and sticking them to our displays.
Enable two-factor authentication (2FA). However, try to avoid using text message codes:
Two-factor authentication prevents anyone from accessing your account if your password is stolen. Two-factor authentication is a security feature that requires you to give a second piece of information (usually a one-time code) before using a service or app.
Even if a hacker learns your passwords, they won’t be able to access your account unless they also have your trusted device (such as your phone) and the verification code that confirms it’s you.
While obtaining these codes via text message or phone call to your mobile phone is typical and easy, a hacker can easily steal your phone number via SIM swap fraud and then intercept your verification code.
It is significantly safer to generate and get verification codes using an authentication application, such as Authy, Google Authenticator, or Microsoft Authenticator. Once you’re set up, you may opt to register your device or browser so you don’t have to verify it every time you log in.
Being proactive when it comes to password security is your best defense. This includes knowing if your email address and password are available on the dark web. In addition, if you discover that your data has been compromised, we will walk you through what to do if hackers have obtained access to your banking and credit card accounts.