Weak passwords are one of the easiest ways to give a hacker access to your network. Strengthening your passwords and protecting where they are stored makes better use of your cyber security infrastructure. Keep reading to learn how you can create and secure a strong password.
Don't Use Repeat Passwords
Using the same password or even a similar variation of one may make remembering passwords to all your accounts easier, but it may also open a door for hackers to break into your accounts.
For instance, if you use the same password for your work email and your company's HR platform, a hacker that figures out the password to your email can also access your HR platform.
Even if you change a password slightly with character substitutions or a variation of capitalization, a hacker can quickly figure out a variation of a password.
Aim to have a different password for every account you have. Even if you only use a variation of the same password for an unimportant account like your Twitter profile, a hacker who breaks into accounts you don't care about is just a few steps away from breaking into accounts that you do value.
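One way a password policy can catch this at password-change time, shown as an added example that is not part of the original article: the check folds case, common character substitutions and trailing digits or punctuation back to a base form before comparing. The substitution table, the 0.8 similarity threshold and the sample passwords are assumptions constructed for illustration.

```python
import difflib

# Common look-alike substitutions folded back to letters (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Reduce a password to its base form so cosmetic changes disappear."""
    core = password.rstrip("0123456789!?.#*")  # "Summer2024!" -> "Summer"
    if not core:                               # all decoration: keep it as is
        core = password
    return core.lower().translate(LEET)


def is_variation(new, old, threshold=0.8):
    """True if `new` equals `old` after normalizing, or is nearly the same string."""
    a, b = normalize(new), normalize(old)
    if a == b:
        return True
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def reuse_findings(new, known):
    """Return the account labels whose password the candidate repeats or varies.

    `known` maps an account label to its password. Run this locally when the
    user types both values; stored hashes cannot be compared for similarity.
    """
    return sorted(label for label, old in known.items() if is_variation(new, old))


if __name__ == "__main__":
    # Constructed sample data.
    accounts = {"work email": "Falcon#Ridge19", "hr platform": "violin-cactus-marble"}
    print(reuse_findings("F4lc0n#Ridge20", accounts))
```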
Passphrases, created by stringing together a random group of words, are one of the top tips shared by cyber security experts. Secure passphrases can be anywhere from 4 to 12 words or more, and the longer the passphrase, the harder it is to crack.
For instance, a passphrase could be "chicken G0og7e blue Hawaii". At first glance, it seems as if it would be easy to crack.
However, according to the website Use a Passphrase, which lets you test passphrases to see how long it would take a computer to crack them, this example would take a computer 1,918 centuries to figure out!
To make your passphrase more secure, consider adding punctuation, character substitutions, and numbers.
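The link between passphrase length and cracking time can be put into numbers. The following is an added example, not part of the original article: it draws words with a cryptographically secure random generator and computes the resulting entropy, which only holds when every word is picked uniformly at random. The 16-word sample list, the 7,776-word list size and the guess rate are assumptions for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline; far too small for real use.
# A real generator would load a large list (e.g. the 7,776-word EFF diceware list).
SAMPLE_WORDS = [
    "chicken", "blue", "hawaii", "tofu", "china", "maximize", "later", "grits",
    "shrimp", "harbor", "violin", "cactus", "marble", "rocket", "pepper", "window",
]


def generate_passphrase(num_words, wordlist=SAMPLE_WORDS, sep=" "):
    """Pick words uniformly at random with a CSPRNG (secrets, not random)."""
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    unique = sorted(set(wordlist))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("wordlist needs at least 2 distinct words")
    return sep.join(secrets.choice(unique) for _ in range(num_words))


def entropy_bits(num_words, list_size):
    """Entropy of a passphrase whose words are drawn uniformly and independently."""
    return num_words * math.log2(list_size)


def average_crack_years(bits, guesses_per_second):
    """Expected time to guess: half the keyspace at the given guess rate."""
    seconds = (2 ** bits) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def words_needed(target_bits, list_size):
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    rate = 1e10  # assumed guesses per second, illustrative only
    for n in (4, 6, 8):
        bits = entropy_bits(n, 7776)
        print(f"{n} words: {bits:5.1f} bits, ~{average_crack_years(bits, rate):.3g} years")
    print(generate_passphrase(5))
```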
Don't Use Easy-to-Find Personal Information
When creating a password for a new account, do you usually include personal information to make the password easy to remember?
Basic personal information such as your children's names, your birthday, and your alma mater are easy to remember, which is why many people include this kind of information in their passwords.
However, in the age of social media, this information can easily be found online. If a hacker browses your Facebook profile, for instance, they can use your pictures, posts, and "About Me" information to find out the common information used in passwords.
Though you may be tempted to include common personal information in your passwords, refrain from doing so whenever possible. If you really prefer to use personal information to make a memorable password, consider using extremely specific information that's not readily available online.
For instance, if your favorite gift you ever received was a new car, then maybe you can include the car in your password. Or, if your favorite food is shrimp and grits, maybe include some variation of that in a password. When building a password, aim to use information that is as obscure as possible.
Don't Write Down Passwords
Whenever you write down a password, whether it's on a sticky note or in the Notes app on your phone, you create an opportunity for somebody with bad intentions to find it.
For instance, if your business is a hospital, you most likely have nurse stations. A nurse who can never remember the login to the computer may have it on a sticky note stuck to the station. Anyone walking by can find this sticky note, log onto the computer, and access private information.
Aim to set password policies within your organization that instruct employees on how to handle account logins and other sensitive information. Password policies can include points about refraining from writing down account logins, or steps on how to create an effective password.
Creating passwords that are long and complex yet easy to remember stops you from writing them down. For instance, if you create a passphrase with words you can easily recall, like "Tofu China maximize l8ter", then you won't have as much of a need to write them down.
Use a Password Storage Program
If you have different passwords for each of your accounts, you may end up with a long list of passwords to remember. And if you follow our other tip about not writing down passwords, then you really might become stumped on how you're supposed to remember all your account logins!
Thankfully, there are password storage programs such as MyGlue. They are virtual password vaults that centralize all your account logins and then pre-populate the sign-in forms when you log into an account.
Pre-populated logins save you time and reduce stress over remembering 50 different passwords. If, for some reason, your password changes or you want to remove a login from the vault, you have the option to remove it.
You can access all your account logins at any time by accessing your password storage program. Your password vault is usually protected by two-factor authentication, so be sure to create an especially strong password for it.
Use Two-Factor Authentication
Two-factor authentication, which involves using a second method of verifying your identity before you are granted access to an account, is the #1 most recommended tip for securing your password.
Two-factor authentication uses another method, such as a text message or phone call, in addition to your login to ensure that only authorized people can access your accounts.
Enable two-factor authentication on as many accounts as possible, especially on more private accounts such as your company's HR platform. When used in conjunction with a strong password, two-factor authentication adds another layer of protection to your account.
A hacker may be able to figure out your password, but if they don't have your phone number, they may not be able to get past the second part of the authentication process for your account.
Creating as much distance between your account and a hacker as possible heightens the possibility that the hacker will get tired of trying to access your account and will give up.
Creating a strong password is one of the building blocks to having a secure network. However, hackers' tactics are always evolving, and it doesn't take long before you start to fall behind them.
Consider using a managed service provider to keep your network protected with the latest security hardware and software.
After an MSP layers your network with technology designed to detect and remove threats, they are available for any other network issues that may arise.
They can also create password policies and other educational tools like phishing tests to show employees cyber security best practices.
Stay one step ahead of hackers by better protecting your passwords today.
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.