Despite the increasing number of password breaches and data leakage incidents demonstrate that passwords aren’t always, they’re still the most widely used authentication method. Infact, we’re seeing an alarming number of users still using poor password practises when setting up their accounts. Interestingly, this trend isn’t geographically-constricted, rather a global issue.
Some particularly risky practices can contribute to poor password hygiene include: reusing passwords for several accounts, creating predictable credentials, and using personal information like birthdays or names. Are you guilty of using any of these?
If yes, we’ve prepared an in-depth guide to help you secure your accounts and improve your overall online safety.
How to make your passwords secure
1. Create strong passwords
Personal information like family or pet names and birthdays are often publicly available on social media so,t it only takes a couple of minutes for a determined hacker to get a hold of such information. That said, it’s best to avoid using such information in your passwords. Consequently, using personal information in your passwords can undermine your security and increase your chances of experiencing a data breach. When creating new credentials, bear in mind that they should
- Be at least twelve characters long
- Contain a unique combination of letters, numbers, special symbols, and random punctuation
- Not include dictionary words
- Not contain memorable keyboard paths such as ‘ABCDEFG’ or ‘QWERTY’
There are many practical password-generating methods you can choose from. For instance, try transforming random sentences into passwords or pick a memorable expression and omit the first three letters of each word. You can also try replacing vowels or deliberately misspelling words in your password.
2. Be careful when sharing your credentials
From Netflix and Spotify to social media, we usually don’t see any problems with giving our loved ones access to our accounts. Unfortunately, when such relationships end, your account’s safety could be at stake.
One of the most common yet unreliable methods of sharing credentials tends to be writing it down on a piece of paper. To minimize the risk of exposing your data to unauthorized parties, share passwords wisely. For instance, if you use a password manager, look up if it has a secure password sharing option that will ensure all of your credentials are shared with encryption. However, if you don’t have this option and absolutely have to give someone access to your account, disclose your password verbally, either in person or over the phone. If you’re sharing passwords via messenger, pick an encrypted messaging app like Signal or Threema, and don’t forget to delete the message as soon as the message has been conveyed.
3. Create a unique password for each account
In this day and age, passwords are the only thing you don’t want to recycle. Since our memory isn’t our most reliable cybersecurity ally, we often avoid creating new passwords and simply reuse our old ones. It’s particularly dangerous to use the same credentials for your personal and business accounts. This way, hackers can get their hands on sensitive company data and endanger your projects and ventures. Aside from exposing your company to countless cybersecurity threats, you may entangle yourself in some serious legal issues.
4. Log out from someone else’s device
If you’re staying with friends and family and have to use someone else’s device to check up on your emails and social media accounts, make sure to log out once you’re done. Regardless of your trust in your loved ones, you can never know who can get access to their device and steal your credentials. When using someone’s device, the best option is to browse in Incognito mode. This way, the browser will automatically delete your login information when you close it. However, if you haven’t used Incognito mode, clear all the cookies and cache from the browser to make sure your credentials have been deleted. If you haven’t followed these steps and you suspect you may still be logged in on someone’s device, services like Google have the option to delete your account information remotely. Most social media platforms have this option as well. If you forgot to log out from your Instagram or Facebook account, find the “Where you’re logged in” section in your Security and login settings and find a device you want to delete.
5. Securely store your passwords
Storing passwords on your devices, or even worse, on a sticky note, is a terrible practice that can expose and compromise your credentials in a blink of an eye. The safest way to store your passwords is by entrusting them with a password manager. There are several types of password managers, and you should choose the one that works best for you. However, remember that cloud-based password managers may be a safer option since you’ll be able to retrieve your information even if your device gets stolen or lost. On the other hand, if you use a password manager that stores data locally, your password will get lost with the device. Many password managers can generate passwords as well, meaning that you won’t have to worry about creating passwords ever again.
6. Enable multi-factor authentication
Even though people love to use them, passwords have their limitations. Considering that they’re easily compromisable, they’re not the most reliable authentication method. However, using a few more security layers over your passwords can significantly improve your online safety. Aside from passwords, most MFA tools use biometric elements like fingerprints and security tokens or keys. A user will have to provide all three components to log into the account successfully, and the same goes for a potential hacker. Since obtaining three highly personalized verification features is improbable, your accounts are less likely to be compromised. Also, MFA tools have alerting systems that give you a heads up if anyone tries to break through one of the authentication layers. If you don’t recognize the activity on your account, the system will encourage you to change your credentials and prevent further damage.
Protecting your passwords isn’t an easy task. You need to assess the level of cybersecurity risks you’re exposed to and adjust your protective measures accordingly. Bear in mind that a sturdy cybersecurity plan can’t be developed overnight. Research tools and features that can be useful and implement them one by one.