Best Password Practices Everyone Should Know
Posts by Alan Taylor, November 22, 2022
A strong and secure password remains one of the best ways to keep your digital life private and under your control. Yet, in a world where every second site needs a password, how do you even keep track of them, let alone do so safely? Luckily, we have some useful tips to help.
Why Passwords Still Matter
CyberGhost’s article shows that creating stronger passwords is as important as ever. A frightening number of password breaches occur simply because we use easily mineable data to create ours.
With the proliferation of social media and more digital communities, you’d be surprised, and horrified, to see how much about you is out there in the world, waiting for hackers to match it to your accounts.
One reason we advise against repeating passwords is that once there’s a data breach from one source, that information lingers. The ‘bad guys’ will try it against other accounts tied to your avatar, handle, persona, or real-life ID, hoping you messed up and reused it.
An alarming number of us think alike, making password spraying easier than ever for these criminals. They simply line accounts up and throw common passwords at them.
Eventually, they score a hit. ‘Dictionary attacks’ are also a thing, and yes, they are exactly what they sound like: an ultra-fast algorithm throws words against accounts to see what cracks.
So how do you stay safe? Try these password best practices:
Discretion
Obvious but frighteningly underutilized! You likely wouldn’t hand out your ATM card or PIN code to everyone, so never do it with your username or password. And be careful what else you are revealing on social media, too.
Those adorable pics of your children with the family dog may warm grandma’s heart, but to a lurking hacker, they’re obvious password prompts and answers to security questions waiting to be mined. Nobody but you ever needs to know your password.
Variety
Even the strongest password becomes riskier the more you use it. If you are using a variety of passwords across your accounts, one account being compromised doesn’t invite cyber criminals to access everything you own. If they are getting difficult to track, turn to an encrypted password manager.
Dual-Layer
Multi-factor authentication should also be part of your daily life. Even the strongest passwords can’t do all the heavy lifting for you.
With the second layer of protection present, especially one reliant on an app, token, or code sent to a physical device, you have considerably more protection than with the passcode alone.
Length
Surprisingly, length trumps complexity in the password world, although both are better. Remember those algorithms used to hack accounts that we mentioned earlier?
It takes an immense number of tries per character to identify what is right, so the more characters, the longer it takes. Not only does this increase the likelihood of the cyber criminals being blocked or caught before they manage an intrusion, but it also makes you look like an unfavorable target.
While anything over 8 characters is relatively secure, it’s better to aim for 16 as your base minimum.
That doesn’t mean complexity doesn’t count! You create a wider field of possibilities when you introduce a solid amount of capitals, lowercase letters, special characters and numbers.
If the ‘a’ in your password could be ‘a’ or ‘A’ or ‘@’, you have three times the field to choose from, and it will take even longer to figure it out by brute force attacks.
Use Memory Tricks
While a password manager can be useful for controlling the growing number of logins we need daily, so can simple memory tricks. Hjhjkh!# is a tough one to remember.
But a phrase (let’s use Johnny the Cat as an example) is much easier to remember. Even as a stand-alone phrase, that’s a decent password, especially if the spaces can be kept.
But let’s rework it with our other tips. J0hnnY_tH3_Cat! It is even more secure and difficult to guess but simple to remember. Use that one only if you have no family named Johnny and no kitty that you treasure.
In general, when creating your passphrase, avoid single words and single words followed by a single number, and use no real information others can guess about you. This mitigates your risks from social overshare and dictionary-style brute force attacks too.
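The checks described in the Length and Use Memory Tricks sections can be automated. The following is an added example, not code from the original article: the function names, the short common-password list, and the sample passwords other than the article's own are constructed for illustration.

```python
import math
import re

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "qwerty", "letmein", "dragon", "iloveyou"}
# Undo simple look-alike substitutions such as the a/@ swap the article mentions.
LEET = str.maketrans("@4301!$", "aaeoiis")

def search_space_bits(pw):
    """log2 of pool_size ** length: the worst case for a blind brute-force search.
    It says nothing about dictionary attacks, which check_password covers."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", pw) else 0
    pool += 26 if re.search(r"[A-Z]", pw) else 0
    pool += 10 if re.search(r"[0-9]", pw) else 0
    pool += 33 if re.search(r"[^a-zA-Z0-9]", pw) else 0  # ASCII symbols and space
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw, personal=()):
    """Return the list of rules from the article that pw breaks (empty = none)."""
    findings = []
    if len(pw) < 16:
        findings.append("shorter than 16 characters")
    if re.fullmatch(r"[A-Za-z]+\d?", pw):
        findings.append("single word or word plus one digit")
    # Compare in lowercase with substitutions undone, so P@ssw0rd matches password.
    normalized = pw.lower().translate(LEET)
    if normalized in COMMON:
        findings.append("common password")
    hits = [p for p in personal if p and p.lower() in normalized]
    if hits:
        findings.append("contains personal detail: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    # "Johnny" stands in for a name an attacker could learn from social media.
    samples = ("Johnny1", "P@ssw0rd", "J0hnnY_tH3_Cat!", "Maple_7_river_Lantern!")
    for pw in samples:
        bits = round(search_space_bits(pw), 1)
        print(f"{pw!r}: ~{bits} bits, findings={check_password(pw, ('Johnny',))}")
```

Sixteen lowercase letters score a larger search space here than eight characters drawn from all four character classes, which is the length-over-complexity point in numbers.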
While creating a solid password can seem overwhelming, it’s a lot easier than you may assume, and in our digitally interconnected lives, absolutely critical too.