Did you know that over a billion personal data records were compromised in the USA alone in 2015? I don’t know about you, but that scares me!
In general, the longer the password, the more secure it will be. Start with a password of at least eight characters that mixes alphanumeric characters, different cases (UPPER and lower case) and special characters (@, *, &, #, !, $). A password can be made stronger, for example, by replacing “o” with “0,” “e” with “3,” or “a” with “@.”
A password made of several unconnected words is less likely to be guessed by an attacker. Good examples are quotes, lines from songs or addresses. Avoid any word that appears in a dictionary, commonly used words or phrases, and easily guessed choices such as 1234567890, password, qwerty or abc123.
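The rules from the two paragraphs above, written as a small Python check. This is an added example, not code from the original post: the function names and the extra list entries are assumptions, and the list is only a constructed stand-in for a real dictionary. As a design choice of this example, it undoes the character swaps and strips leading or trailing digits and symbols before comparing against the list, so a listed password with swapped characters is still flagged.

```python
import string

MIN_LENGTH = 8
# Easily guessed choices named in the text, plus two constructed additions.
COMMON = {"1234567890", "password", "qwerty", "abc123", "letmein", "welcome"}
# The character swaps mentioned in the text, reversed.
UNDO_SWAPS = str.maketrans({"0": "o", "3": "e", "@": "a"})
EDGE_CHARS = string.digits + string.punctuation


def normalise(text):
    """Lower-case and undo the swaps so variants of one word compare equal."""
    return text.lower().translate(UNDO_SWAPS)


# Normalise the list the same way, so entries such as "abc123" still match.
COMMON_NORMALISED = {normalise(word) for word in COMMON}


def check_password(password):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Compare the whole password and its core (edge digits/symbols removed).
    core = password.lower().strip(EDGE_CHARS)
    if {normalise(password), normalise(core)} & COMMON_NORMALISED:
        problems.append("based on an easily guessed choice")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("abc123", "P@ssw0rd1!", "Tr4m-Cobalt-Lantern!"):
        print(sample, "->", check_password(sample) or "passes every rule")
```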
Two-factor authentication simply means you need two different authentication methods to log in. An example of this is Password + PIN or Password + Token/Phone code. The advantage of this approach is that even if someone “cracks” your password, they’d also need your phone to be able to log in to the website as you.
Reputable companies will NEVER ask you what your password is. You should never divulge your password verbally to anyone, nor should you share it with a colleague or write it down on a post-it note, in a notebook, etc.
It’s important to change your passwords on a regular basis. Many of the passwords that are hacked and sold online are several years old. If you change your passwords regularly, the threat of a successful attack and re-use of your password is significantly lower. The more important the password, the more often it needs to be changed.
When every website has its own password, an attacker who manages to steal the password for one website can’t then use it to access other websites. This is extremely important, as your internet banking password is much more important than, say, your blog subscription password.
When visiting a website that asks for your password, you should ensure that you are actually connected to the intended website before entering your login name or password. There are many “phishing” emails that try to direct you to a fake site in an attempt to capture your password and then use it maliciously.
Good password hygiene isn’t easy, but it is extremely important for both individuals and businesses. Don’t let another year pass without changing your passwords and/or moving to a password manager. You won’t regret it!