Identity theft. Ransomware. Data breach. Malware. Brute-force attack. If you’re familiar with any of these terms, chances are your stomach hurts just reading them.
But Being Afraid Doesn’t Stop Them From Happening
With each passing year, security threats grow stronger, targeting more businesses. What are cybercriminals looking for? Credentials.
In its 2021 Data Breach Investigations Report (DBIR), Verizon found that usernames and passwords (i.e., credentials) account for about 60% of sought-after data in a security breach. On top of that, money is the motive in nearly 75% of incidents across all industries.
Simply put, criminals are actively attacking networks on a daily basis for financial gain, and none of us are immune.
While we examine cybersecurity in depth in a separate article, for the scope of this discussion, we will be tackling the front line of security: secure password creation and management.
First, let’s take a look at how safe your current passwords are. In 2021, Statista created a chart detailing how long it takes to crack different types of passwords. Where do yours stand? View it here.
The message is clear: the most secure passwords are long, complicated, and completely random.
But how do you keep up with them all? And how long should you use them? Is it okay to share your password with a trusted friend? How do you know if a password has been compromised?
Let’s look at the Do's of creating and managing secure passwords:
- Do use a different password for every site you log in to. For instance, your work password should be completely different from your Netflix password, which should be completely different from your bank password.
- Do choose passwords with a random, nonsequential combination of at least twelve numerals, upper- and lowercase letters, and symbols. As an example, instead of mypassword1234!, try 1Pw!aD2m4So3YsR. The second password contains the same components as the first, but is far more secure.
- Do use two-or-more-step authentication. This means that beyond just requiring a password, a site will also send a secure code to your cell phone or email address, which you’ll then type into the log-in screen.
- Do use made-up information for security answers (i.e., the questions you answer if you forget your user name and/or password). This means that instead of using the true name of the street you grew up on, you use a different, fictional street name. This helps keep deeper personal information safe.
- Do use password management software (e.g., Dashlane or LastPass) to help you securely create, store, and manage passwords across all your devices.
- Do regularly check if your passwords have been compromised.
  - Some companies, like Apple and Google, have this feature built into their devices and apps, and will alert a user in the event of a security issue.
  - To proactively check for breaches, use Have I Been Pwned (haveibeenpwned.com). On this site, users can anonymously and safely check the security of individual passwords and find out if their information has been part of any known data breach.
- Do change your password every few months—or immediately, if you’re notified there’s been a security issue.
Now for the Don’ts:
- Don’t choose a word or words as your password—for instance, mydogisawesome or tennessee.
- Don’t use personal information as your password, such as your date of birth or your social security number.
- Don’t use your user name as your password.
- Don’t recycle passwords. If you’ve used a password once, it’s done.
- Don’t tell anyone your password. If you’ve already let it slip, change the password now (remember, even close relationships can end, and a friend today might not be a friend tomorrow).
- Don’t leave your password written anywhere near your computer: on a sticky note, under your mouse pad, behind your monitor...
Your best defense against any kind of cyberattack is prevention, and that starts with a secure password. We hope you feel empowered and ready to start making your information a lot safer!