The Perfect Password Protection Post
Passwords – you can’t escape them. Logging in to your computer? Enter your password. Checking your email? Enter your password. Online banking? Enter your password. Passwords are such an integral part of life, and it’s easy to forget how important they are for protecting you and your company. Here are some tips for perfect password protection.
First, the basics…
Don't share your password … not even with your computer. When you let your browser "Remember me," someone who gets access to your Google account or your device has access to your passwords.
Don't use obvious passwords, such as something linked to your personal life, like your last name, birthday or anniversary, or pet’s name. This info can be easily found by cybercriminals through a quick media search.
Go long, complex, or both. A complex password includes a mix of upper- and lower-case letters, numbers, and special characters. Length is even better than complexity. A long password that uses a number, special character, and capital letter is the best of both worlds.
Use a passphrase. It’s much easier to remember a phrase than a random string of characters and numbers. “IReallyLoveSimpleIT!” or “IwenttoMyrtleBeachinandallIgotwasSimpleIT!” is long, complex, and easy to remember!
Keep them unique – use a different password for EVERY site or service. Unique passwords ensure that if one of your accounts ends up being hacked, it doesn’t put the rest at risk. If you realize you’ve created a similar or identical password for multiple accounts, change one of them to be sure each account’s password is unique.
Change your passwords occasionally. For important accounts that give direct access to your finances, confidential health or personal information, or your institutional or governmental accounts, it’s a great idea to change them every so often, even if you are not required to do so.
Be alert for signs your account was compromised. Strange notices? Purchases you don’t recognize? Strange posts? Trouble logging in? If you have even the slightest suspicion someone’s been mucking about in your account, change your password/security Qs ASAP.
Strengthen your security questions. These questions are pretty standard, and the answers are often easy to find with a little online sleuthing. You can always lie or use a passphrase as an answer (e.g., MyfirstpetwasRosie).
Use Multifactor Authentication (MFA) whenever possible. Many services, like Facebook, Google, and most online banking, offer multifactor authentication. Check your settings and turn on MFA.
Last, but certainly not least – use a password manager! Password managers are powerful apps made to keep track of and protect all your passwords and generate strong passwords to use on your accounts. They make following the above rules much easier.
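The "obvious password" and "keep them unique" tips above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that flags short passwords, passwords built from personal details, and identical or similar passwords across accounts. The account names, passwords, length threshold, and similarity cutoff are constructed assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 14    # assumption: the article does not give a number
SIMILARITY = 0.8   # assumption: ratio at which two passwords count as "similar"
EDGE_CHARS = "0123456789!@#$%^&*._-"
LEET = str.maketrans("013457@$!", "oleastasi")  # undo common character swaps

def normalize(pw):
    """Lower-case, drop digits/symbols at either end, undo substitutions."""
    return pw.lower().strip(EDGE_CHARS).translate(LEET)

def audit(accounts, personal_terms):
    """Return {site: [findings]} for a mapping of site -> password."""
    findings = {site: [] for site in accounts}
    for site, pw in accounts.items():
        if len(pw) < MIN_LENGTH:
            findings[site].append("short")
        flat = normalize(pw)
        for term in personal_terms:
            t = term.lower()
            if t in flat or t in pw.lower():
                findings[site].append("personal:" + term)
    # Compare every pair of accounts for exact reuse or near-duplicates.
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        na, nb = normalize(pa), normalize(pb)
        if pa == pb:
            tag = "reused"
        elif na and nb and SequenceMatcher(None, na, nb).ratio() >= SIMILARITY:
            tag = "similar"
        else:
            continue
        findings[a].append(f"{tag}:{b}")
        findings[b].append(f"{tag}:{a}")
    return findings

# Constructed sample data: not real credentials.
SAMPLE_ACCOUNTS = {
    "bank": "Rosie2015!",
    "email": "Rosie2015!",
    "shop": "R0sie2016#",
    "forum": "IReallyLoveSimpleIT!",  # passphrase quoted in the article
}
SAMPLE_TERMS = ["Rosie", "2015"]      # pet name and a year, both constructed

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_TERMS).items():
        print(f"{site:6} {', '.join(issues) or 'ok'}")
```

Run a check like this only against a local export from your password manager, and delete the export when you are done.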
Seriously, just use a password manager!
Password managers are apps that generate and store all the passwords you want to save. The passwords are stored securely and are automatically entered on websites and apps when you need to log in. A password manager creates and remembers the strong, unique passwords that keep you safe online and fills them in so you don’t have to.
At Simple IT, we are huge fans of LastPass. In fact, we are a LastPass partner. LastPass provides intuitive access and a multi-factor authentication experience, from single sign-on and password management all the way to things like biometric authentication. LastPass gives superior control to your IT and a passwordless experience for employees.
Many password managers like LastPass also offer options to store more than just passwords, like credit cards, sensitive documents, secure notes, and more.
Two-factor authentication will keep you safe.
Two-factor authentication is a system that adds an extra layer of security to your logins by requiring you to enter a code or confirm your identity in some other way after successfully entering your username and password.
Two-factor authentication is sometimes known as multi-factor authentication, or MFA, because users have more than one option for verifying their identity when they log in to an online service. Even with the best security precautions, passwords are sometimes leaked, stolen, or accidentally shared. That’s where two-factor authentication comes in.
Are security questions secure?
No, this is a big mistake we see often. The point of security questions is that they are something that the user can remember because they are true things that the user knows – unfortunately, this also makes them easy to guess. Security questions can add some additional protection if you treat them as an option for a second strong, unique password. For example, instead of answering the security question with the real name of your first pet, you can generate a random password as the answer and store it in a password manager app.
Form a culture of security at your company!
A company "culture of security" is an environment where employees understand the importance of and take part in cybersecurity, from password policies to management of secrets. Security should be a team effort with every single employee involved.
By nurturing this mindset, you will protect the business and its customers and increase overall productivity by letting employees work the way they need to work – while staying secure in the process.
Building a culture of security will take time, training, and ongoing reinforcement, but over time, a company culture of security will:
Enable your employees to be productive and secure.
Lighten the load on IT.
Provide oversight on all the tools your team is using.
Keep employees secure at work and at home.
To close, passwords are the first line of defense when it comes to cybersecurity. Use these lessons, and you will become a perfect password master in no time!
If you want to go over your password protection plan, contact us today!