National Change Your Password Day falls on February 1st.  Although it may not be a holiday that gets you off work, it serves as a good opportunity each year to do a brief evaluation and ensure you’re using strong passwords that will keep your accounts protected.

The previous recommendation was to change your password every three months.  With advanced tools like password managers and data encryption, experts now emphasize that the type of password you use is more important than how often you create a new one. We’re providing up-to-date guidance on how to create a strong password that will keep your account secure and hackers guessing.

Make It Complex

To achieve complexity, combine uppercase and lowercase letters, numbers, and special characters.  Avoid using easily predictable information like birthdays, names, or common words.  The more intricate and unique your password, the harder it is for hackers to decipher it.

Longer Passwords Are Harder To Crack

Long passwords offer an additional layer of security.  Hive Systems reports that an eight-character password can be cracked in less than one hour through brute-force hacking!  When creating a new password, aim for a minimum of 12 characters, and consider using passphrases.  Passphrases are composed of random words or a sentence, which can be both stronger and easier to remember.

An example of a random passphrase would be something like: cogwheel-rosy-cathouse-jailbreak.

This passphrase was generated from the website useapassphrase.com, which automatically creates a four-word passphrase for you if you’re stumped.
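An added example (not from the original article) of generating a four-word passphrase like the one above on your own machine, and of estimating the guessing work it demands next to a random character password. The word list is a small constructed sample, and the 7,776-word list size (that of the EFF long wordlist) and the 94-character alphabet are assumptions; the estimates hold only for secrets picked at random.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. A real
# generator would load a large published list; 7,776 words (the size of the
# EFF long wordlist) is the figure assumed in the estimates below.
SAMPLE_WORDS = [
    "cogwheel", "rosy", "lantern", "orbit", "maple", "quartz", "ferry", "tundra",
    "velvet", "sprocket", "harbor", "nimbus", "pebble", "accordion", "thistle", "jigsaw",
]

def generate_passphrase(words, count=4, sep="-"):
    """Join `count` words drawn uniformly at random with a CSPRNG."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a wordlist without duplicates")
    # secrets.choice uses the OS random source; random.choice is predictable.
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(wordlist_size, count):
    """Guessing work, in bits, when the attacker knows the list and the scheme."""
    return count * math.log2(wordlist_size)

def random_password_bits(alphabet_size, length):
    """Guessing work, in bits, for a password of uniformly random characters."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, wordlist_size):
    """Smallest word count whose passphrase reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # 94 = uppercase + lowercase + digits + punctuation on a US keyboard.
    for length in (8, 12):
        print(f"{length} random chars: {random_password_bits(94, length):.1f} bits")
    for count in (4, 6, 7):
        print(f"{count} words of 7776:  {passphrase_bits(7776, count):.1f} bits")
```

Under these assumptions each added word contributes about 12.9 bits, so the number of randomly chosen words, not the character count, is what sets a passphrase's strength.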

Use Unique Passwords For Each Account

It is of utmost importance to refrain from using the same password across multiple accounts.  If one account is compromised, having unique passwords for other accounts ensures that the impact is limited.  Consider using a reputable password manager to help you generate and securely store your passwords.

*Do NOT use Google or your browser's password manager.  If your Google account gets hacked, all of your passwords will be, too.  Ask your IT team which password management tool they recommend for you and your organization.

Update Passwords Yearly

Provided your account remains secure, you only need to change your passwords once a year to minimize the risk of unauthorized access.  The only time a regular password change routine would be exceptionally helpful is if someone has access that you don’t know about.  Changing your password regularly can make it more challenging for attackers to maintain access to your accounts over an extended period of time.

Engage Multi-Factor Authentication (MFA)

Implementing multi-factor authentication is another simple way to enhance the security of your password.  MFA typically requires combining something you know (your password) with something you have (like a code sent to your phone).  Even if your password is compromised, MFA greatly decreases the likelihood of unauthorized access.

Set Up Strong Password Recovery Alternatives

Use password recovery options like security questions or alternative e-mail addresses to enhance your account security.  It’s important to select questions with answers that cannot be easily guessed or found in public information.  Therefore, avoid questions like “What’s your mother’s maiden name?”

Use Password Managers

You don’t have to try and remember every password, and it’s not advisable to write them down on a sticky note on your desk.  Instead, opt for a reliable password management tool that is secure and will handle keeping track of your passwords for you.

Bonus points if you disable the auto-fill feature.  Hackers can infiltrate sites and install a little bit of code on a page that creates a second, invisible password box.  When your password manager populates the login field, it will also populate the hidden field, giving hackers your password.  This isn’t particularly prevalent, but it still poses a risk.
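For whoever maintains a login page, the invisible second password box described above can be checked for in the HTML the site serves. This is an added example, not from the original article; the sample page and field names are constructed, and the check only sees fields hidden by the hidden attribute or by inline styles, not by stylesheet rules or script.

```python
import re
from html.parser import HTMLParser

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
# Inline styles that leave an element in the page but out of sight.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE)

# Constructed sample: one visible login field plus two invisible copies.
SAMPLE_PAGE = """<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <div style="position:absolute; left:-9999px">
    <input type="password" name="pass_copy">
  </div>
  <input type="password" name="pw2" style="opacity:0">
</form>"""

class HiddenPasswordFieldFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open_tags = []  # (tag, hidden?) for each open non-void element
        self.findings = []   # (line, field name) of invisible password inputs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = "hidden" in attrs or bool(HIDING_STYLE.search(attrs.get("style") or ""))
        is_password = tag == "input" and (attrs.get("type") or "").lower() == "password"
        if is_password and (hidden or any(h for _, h in self.open_tags)):
            self.findings.append((self.getpos()[0], attrs.get("name") or "?"))
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                break

def find_hidden_password_fields(html):
    """Return (line, name) for each password input hidden from the user."""
    finder = HiddenPasswordFieldFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```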

Regularly Review Account Activity

Keep an eye on your accounts to spot any suspicious logins or activities.  Many online platforms provide options that notify you of login attempts from unfamiliar devices, allowing you to quickly respond in the event of unauthorized access.

It’s always good to stay vigilant against phishing attempts.  Never click on any suspicious links or attachments in emails and avoid public Wi-Fi.  Make sure to only use secure connections and educate and train your team on what to look for when it comes to cybercrime so they can protect themselves, you, and the company.

As cyber threats continue to evolve, it becomes crucial to master the basics of cybersecurity, such as crafting robust passwords.  By staying proactive and making well-informed decisions, you can significantly enhance your online security.

However, as the leader of your organization, it’s important to remember that nothing is ever foolproof.  Educate your team on cybersecurity best practices.  Unfortunately, though, mistakes can and will still happen.  It’s not a matter of if, but when.  You must have a robust cybersecurity plan in place.  Having the right IT team will make sure you have every protection in place to keep you safe and a crisis management plan ready if something goes wrong.  To find out what gaps you might have in your cybersecurity system and to discuss potential solutions, schedule a FREE, no-obligation Discovery Call today!