One of the most common ways that hackers get into places they shouldn’t is via simple, easily guessable passwords. So it’s essential that all our passwords are difficult to guess, while two-factor authentication is an additional barrier to cybercriminals.
Protecting your cybersecurity doesn’t have to be complicated or time-consuming. We’ve teamed up with Rick van Galen, Senior Security Engineer at 1Password, to share some simple steps for following password management best practices.
1. Make all your passwords strong and unique
We all know that passwords like 123456, qwerty, and password123 – or anything that includes your name or date of birth – are an absolute no-no. Every password you set also needs to be long – ideally, 20 characters for character-based passwords and four words for word-based ones. Additionally, you must never reuse a password, no matter how random it is. Whether you need to remember 10 or 10,000 passwords, they all need to be different.
2. Use two-factor authentication whenever you can
Whenever two-factor authentication (2FA) is offered to you, take it! It provides an extra layer of security that protects your accounts from thieves who have managed to find or deduce one of your passwords. You can ask for a time-based one-time password (TOTP) to be sent any time someone tries to sign into your account – it could be via email, a physical security key or a dedicated authentication app. Avoid using text messages for 2FA, as SMS authentication is vulnerable to SIM-swap attacks, which occur when a hacker steals your mobile identity by transferring your phone number to a new SIM card in their possession.
3. Share passwords securely
Everyone has passwords that they need to share from time to time. At home, it could be the Wi-Fi password or log-ins for a streaming service. At work, you might need to share a subscription to a trade publication or the license key for a particular piece of software. Be very careful about the way that you share your passwords and never leave this information lying around – don’t rely on Post-It Notes or insecure text messages, emails or spreadsheets.
4. Consider a password generator or password manager
If you use the same set of characters for all your passwords, you’re putting yourself at risk, so using a password generator is a good way to protect your security online. Having said that, no one can remember 100 different passwords, especially if they’re random strings like UmxT9t4s8B6sVhr6mvSo. The solution? Adopt a password manager that does all the creating – and, crucially, the remembering – for you.
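To make tips 1 and 4 concrete, here is an added example (not from the original article or from 1Password) of what a generator does: it draws a 20-character password and a four-word passphrase from the operating system's secure random source, estimates how hard each is to guess, and flags reuse in a small vault. The function names, the 16-word sample list and the vault entries are constructed for illustration, and the 7,776-word list size is an assumption about the word list a real generator would use.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
# Constructed 16-word sample so the script runs offline. Far too small for
# real use; assumption: a real generator draws from a list of ~7,776 words.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord", "garnet",
                "harbor", "iris", "juniper", "kettle", "lantern", "meadow",
                "nectar", "orchid", "pebble"]

def random_password(length=20):
    """Character-based password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Word-based password: `count` independent picks from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` uniform, independent choices from a pool."""
    return picks * math.log2(pool_size)

def reused_groups(vault):
    """Return sorted groups of sites in `vault` that share one password."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    return sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)

if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 20):.0f} bits")
    print(random_passphrase(), f"{entropy_bits(7776, 4):.1f} bits with a 7,776-word list")
    print("4-digit PIN:", f"{entropy_bits(10, 4):.1f} bits")
    # Constructed vault: two sites share a password, one is unique.
    vault = {"mail.example": "qwerty", "shop.example": "qwerty",
             "bank.example": random_password()}
    print("reused across:", reused_groups(vault))
```

The entropy figures only hold when every character or word is picked at random; a password or PIN chosen by a person (a name, a birth year) is far easier to guess than its length suggests.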
5. Set strong passwords/PINs for all your devices
Finally, even if you have strong, unique passwords for all the sites and services that you use, you mustn’t forget about your devices either – make sure that your phone, laptop, or tablet is not an open book. That means your PIN can’t be 1111 or the year you were born (they’re simply too easy for a criminal to guess). Also, consider using biometric unlocking methods to keep your data safe.
Online security doesn’t need to be complicated. If you follow the 5 tips above, you never need to change your passwords – unless you know they’re weak or suspect they’ve been compromised in a breach.