A Guide to Password Security Best Practices

Why is password security important?

When was the last time you updated your passwords? If it’s been a while, it’s time to act. Strong password security is your first line of defense against cyber threats. Wondering what makes a password unbreakable or how to outsmart hackers? Regular updates are crucial, but there’s more to it. Keep reading to learn password best practices that will help you avoid common pitfalls (yes, like password12345) and will help you enhance your password security.

Password don'ts

1. Don’t write passwords on sticky notes

While writing down passwords might seem to improve protection against online theft, it can actually make it easier for someone to steal them in person.

2. Don’t save passwords to your browser

This is because web browsers are terrible at protecting passwords and other sensitive information like your name and credit card number. Web browsers can easily be compromised and a wide range of malware, browser extensions and software can extract sensitive data from them.

3. Don’t repeat your passwords (for example, PowerWalker1 to PowerWalker2)

While common, this practice is unlikely to stand against advanced cyber threats. Hackers are too skilled and can quickly crack repeated passwords.

4. Don’t use the same password across multiple accounts

You’re essentially rolling out the red carpet for cybercriminals, offering them a golden ticket to exploit not just one, but all of your accounts. Pause for a moment and consider the magnitude of information at stake if every one of your accounts were breached.

5. Don’t capitalize the first letter of your password to meet the “one capitalized letter” requirement

Out of habit, most of us tend to capitalize the first letter of our passwords to conform with the “one capitalized letter” requirement. However, hackers are aware of this, making it easy for them to guess the capitalized letter’s position.

6. Don’t use “!” to conform with the symbol requirement

When using an exclamation point in your password, avoid placing it at the end. Tucking it elsewhere in your password sequence significantly boosts its security. Additionally, we recommend varying your special character choices. The exclamation point, while popular, is also the most commonly used, making it a less secure option. Consider other symbols to enhance your password’s strength.

Password do's

Here are some password best practices we recommend. Protect the confidentiality of your accounts by implementing these do’s:

1. Create long, phrase-based passwords that exchange letters for numbers and symbols

For instance, if you choose “Honey, I shrunk the kids,” write it as “h0ney1$hrunkth3k!d$.” This makes your password harder for hackers to crack.

2. Change critical passwords every three months

Passwords protecting sensitive data should be handled with caution because there is a lot at stake if they are compromised. If you use a password for a long time, hackers may have enough time to crack it. Therefore, make sure you change your critical passwords every three months.

3. Change less critical passwords every six months

This requires determining which passwords are crucial and which are less so. But no matter how important they are, it’s always a good idea to change your passwords every few months.

4. Use multi-factor authentication 

One of the best approaches to barricade hackers is with multiple layers of authentication. With all the resources out there making it easier to hack passwords, we say multi-factor authentication (MFA) is an absolute must. AI-powered password cracking is a trending tactic, which is why we heavily emphasize implementing MFA for all of your accounts. Review this resource to learn more about AI password cracking and prevention.

5. Use complex passwords, longer than 8 characters

Always create passwords that exceed eight characters, incorporating a mix of numbers, letters, and symbols. The more complicated things are for hackers, the better. A pro tip from our IT department: choose a phrase from a favorite movie and intersperse letters, numbers, and symbols throughout.

6. Use a password manager

A password manager can relieve the burden of remembering a long list of passwords, freeing up time for more productive tasks.
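
The predictable habits in the don'ts above (an incremented password, a lone leading capital, a trailing "!") and the length and character-mix advice in the do's can be checked mechanically. The following Python check is an added example, not part of the original guide; the function name `audit_password` and the finding labels are hypothetical.

```python
import re

def audit_password(candidate, previous=None):
    """Return labels for the predictable habits the guide warns about."""
    findings = []
    symbols = {c for c in candidate if not c.isalnum()}
    uppers = [i for i, c in enumerate(candidate) if c.isupper()]

    # Do 5: longer than eight characters, mixing letters, numbers and symbols.
    if len(candidate) <= 8:
        findings.append("too_short")
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if not (has_letter and has_digit and symbols):
        findings.append("missing_mix")

    # Don't 5: the only capital is the first character.
    if uppers == [0]:
        findings.append("capital_only_first")

    # Don't 6: "!" at the end, or "!" as the only symbol used.
    if candidate.endswith("!"):
        findings.append("trailing_bang")
    if symbols == {"!"}:
        findings.append("bang_is_only_symbol")

    # Don't 3: same stem as the previous password, only the trailing number changed.
    if previous is not None:
        stem = lambda s: re.sub(r"\d+$", "", s).lower()
        if stem(candidate) and stem(candidate) == stem(previous):
            findings.append("variant_of_previous")
    return findings

if __name__ == "__main__":
    # The first two samples are the guide's own examples; the third is constructed.
    samples = [("PowerWalker2", "PowerWalker1"), ("h0ney1$hrunkth3k!d$", None), ("Password1!", None)]
    for pw, prev in samples:
        print(pw, "->", audit_password(pw, prev) or "no findings")
```

An empty result means only that none of the habits listed in this guide were detected.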

More password security tips

Maintaining your password security is a continuous effort that involves being aware of best practices, new technologies, and techniques to further protect your data. Read more about Password Best Practices: The Do’s and Don’ts in our full blog.
