Think of passwords as access to the front door of your digital world. They need to be strong and fortified to protect you from a slew of cyber-crimes. We use our computers and cell phones for so many purposes. If a hacker breaks into your system, they potentially have access to your sensitive and private data, including personally identifiable information, financial and credit card information, health records, personal and work logins, and even your photos and videos.
Gone are the days of struggling to come up with creative passwords. Now, most devices come with password managers that suggest computer-generated passwords far more complex than what the average person was using, and they even remember them for you!
So why are only 27% of people, according to security.org, using this convenience?
In addition to convenience, the modern feature of password management offers enhanced security, quickly creates unique passwords for all your accounts, and automatically sets you up to utilize the most up-to-date best practices for password creation.
However, if you still insist on creating your own passwords, we strongly advise you to follow these tips:
1. Use a unique password for every account and don’t share it.
2. Shoot for six or more words when using passphrases or password sentences. The longer and more complex a password is, the harder it is for password-cracking tools to crack it. While some account providers only allow passphrases with no spaces between the words, others follow the NIST recommendations and allow spaces. Still others allow emojis, which can be very easy to remember and hard to crack. These examples can help point you in the right direction:
- BreakingBadorGameofThrones??
- I’m the #1 Braves fan and want them to win the pennant
- I would eat pizza 7 nights a week if I could!
- When ? was little I wanted to be a ?
- By2040wewillrockettoMars
3. Don’t use a string of a few dictionary words, though, such as fishcastledaydream. Even though it has 18 characters, password-cracking tools look for this.
4. To verify you’re not using a password that’s popular or has been stolen (which means it will be in password-cracking databases), search for it on a list like the one on Wikipedia (use your browser’s search function to search for your password) and enter it into Pwned Passwords (the site is secure).
Double up on your Authentication
Zero-Trust architecture is one of the most widely used standards of all. Regardless of whether your passwords are computer-generated or self-created, two-factor authentication is a key component of the Zero-Trust model of protection. A second method of verification, such as an authenticator app, can significantly reduce the risk of someone accessing your account, even if they get your password. We recommend you add it to every platform you can.
Responsibilities of Account Providers
It is the account provider’s responsibility to provide you with a secure verification process to access your account. They should be able to offer best practices for account protection. If they don’t, you might need to rethink your provider.
49% of all data breaches involve passwords, according to SMB Guide.
While a strong password locks the front door, true security means guarding every entry point.
At Leapfrog, we’ve developed our CyberRisk℠ Beyond IT Ring of Security, which illustrates how a company needs to go beyond IT to include its people, processes, and facilities in its risk management strategy to maximize its cyber risk protection.
With 25 years of MSP, MSSP, and cyber risk management experience, Leapfrog is an industry leader in providing IT that works seamlessly and cybersecurity services that manage any risk. Contact us today to get started.