Password Security: Some Tips for protecting your Data

Passwords are the key to almost everything in 2023 as they allow you into websites from simple gaming sites to complex business browsers. However, it is also easily the most targeted way of hacking into your account, with many breaches caused by someone gaining access to your passwords, either through social engineering or finding out through hacking a password manager.

To combat and protect your passwords, there are several ways to protect yourself and your company without investing an incredible amount of money and allowing users to be less inhibited by out-of-date practices:

Multi-Factor Authentication

Multi-Factor Authentication, or MFA, is the process of creating multiple steps to log in to your computer or network. The process isn’t complex: When you put in your password, a message is sent to a device of your choice with a code that must be entered in order to gain access. This second or multi-method of confirming you’re the one who are logging into a particular site or device. This added second layers provides a way for you to check the legitimacy of your entry. If you recognize the activity, then your set. If you don’t, this is a sign your credentials are compromised and should take steps to protect yourself.(1) According to CyberArk’s 2022 report, 67’s percent of employees seek work arounds for passwords if it hinders productivity. MFA is simple and easy to implement.

Password Length and Complexity

Having long and complex passwords is a simple yet highly effective way to prevent your password from being compromised. Many websites require your passwords to be a specific length and or complexity. There is a method to their madness: According to Hive systems, having longer and more complex passwords makes it harder to impossible to guess. Most passwords have a combination of numbers, upper- and lower-case letters and in some cases symbols. In their 2022 list, an average 8-character password can be hacked almost instantly. Even only using multiple sets, if the length isn’t long enough, your just as vulnerable. This is why some sites require all of them. An average password with numbers and upper- and lower-case letters can take 3 weeks to force your password. Bump it to 11 characters and suddenly its three years. Combined with regular password changing, hackers would be hard pressed to crack it.   Our recommendation is to have at least 11 characters, with a mix of upper- and lower-case letters plus symbols without repeating the symbols. (2)

Password Managers

With all the passwords you need to focus on every day, having a secure password manager is a smart idea to keep track of your passwords. By having passwords not connect to your device or on a website under another key or password, hackers have a much a harder time even finding the right password, especially if the password is offline. 

Recognizing nothing is secure, password manager companies such as LastPass can be susceptible to hacking, however, password managers are much more secure than lists stored on company computers.

Although, it may be convenient to use familiar information in a password, it is always a bad idea. Since hackers know social information from websites, social media, and other means, it is more than likely they already have access to names of pets, cars, relatives, schools or family members thus taking the guesswork out of their job. Always use unique passwords. This is where a password manager comes in handy as they all come with password generators which are unique and easy to use.

Change Passwords regularly

Most companies’ policies require that passwords changed every so often, typically three months and they cannot be repeated passwords. However, there are times when changing them is necessary.

  • When data breaches of certain websites are announced. There have been plenty of big-name companies that have been breached, some of which hold valuable data. If a company you use has been hacked, it might be a good idea to change your password. This is important was well since most companies that you may do business with require both passwords and password hints. So a breach at one company may provide hackers with password hints that allow them to access data on other websites
  • When you give away your password through social engineering: Hackers are smart, they will find ways to trick you to give not only your passwords but your 2FA codes.

There are other tips to keep your password secure. One is that if your company or website employs security questions, be sneaky with them. Hackers can look at these and then use them for social engineering. Logging off your accounts also allows you to protect your passwords as they could easily be compromised from a remote site. At the end of the day, vigilance and training will keep your passwords safe.