2019 Cybersecurity Awareness Month: Password SecurityHuman Error on the Street- London, what's your password
Passwords! What a headache, especially when people worry about password safety. Sometimes it seems like that in order to be safe, your password must contain letters, numbers, punctuation, emojis, colors, and at least one Egyptian hieroglyph. But the truth is that it’s easier to create a long, strong, safe password than most people think.
Try using a passphrase instead of a password. Passphrases or sentences will always be longer than a single word (which is good, because government advice now suggests that passwords be anywhere from 8 to 64 letters long!) and they stick in your mind better, because they have more meaning.
Aggie Taylor says she's losing weight naturally but I've heard it's a gastric band 36 sounds like a ridiculous password, but actually it would be a good one. With the processing power current computers have, it would take about 1,318,446,908,660,524,600,000 quadragintillion years to crack it.
Multi-factor authentication (MFA, or 2FA for two-factor authentication) is a tech industry term for using more than one type of verification to get into an account. The idea is that you use multiple things at the same time to really prove that you’re actually you. A password is one example of a factor; a fingerprint is another. Multi-factor authentication makes it much harder for hackers to break into people’s accounts. If they have one password but not the other one or two factors that they need, then they can’t get into that account after all.
- Check whether you can set it up on any of your accounts. Most accounts that you’d want to protect offer it. In a setup like this, the account will ask for something in addition to a password — usually, sending a text message to your phone.
- Use different types of authentication. There are different types of factors: something you know, something you have and something you are. Use factors from different families for extra protection.
- You can use authenticator apps to easily handle two-factor authentication for multiple accounts.
A great way to store passwords is with a password manager. You enter all of your passwords into the manager app, which itself is protected with a password. All you have to do is remember the one password for your manager app, then you have access to all of the rest. There are lots of good password managers, both premium and free. Some of them even will generate secure passwords for you. This is much more secure than writing down passwords.
If you absolutely, positively, have to write down your password, make sure to protect that paper by locking it in a desk drawer or safe. Never leave a password under your keyboard or (even worse) stuck to a monitor.
Let’s take a quick look at a few more tips for making a password that will keep your account safe.
- Don't use easy to guess passwords like birthdates, pets' names, and key combinations like qwerty and 123456.
- Check your password strength online. Many cybersecurity companies have free password strength checkers available, like this one.
- Use a different password for every website and app. If you reuse passwords and one of your websites gets hacked, the hackers will have access to every other website where you use the same (or a similar) password. You may wonder how to keep track of all of those passwords, but that isn't a problem if you use a password manager.
- Don't store your passwords in a password-protected Word or Excel document. Those are easily hacked.
- Never share your password with anyone! If they don't have a key to your house, they shouldn't have your passwords, either.
- The website "Have I Been Pwned" tracks many of the known data breaches. Enter a user name or email address to determine if one of your accounts is located on lists which have already been dumped to the internet for public download. You even can register to be notified anytime your email address appears in a new breach.
Creating and keeping track of passwords can seem overwhelming, but it really isn't that hard. Just use the guidelines on this page to become secure.