Have You Changed Your Password Lately?
According to a recent report published by Verizon, 81% of hacking-related breaches leveraged stolen and/or weak passwords. Yikes! This is the number one method used by perpetrators to breach companies, up 29% from 2017. In honor of World Password Day on May 2nd, I’m sharing 7 tips for best practices when it comes to making your digital life more secure.
1. NEVER reveal your password to others. You probably wouldn’t give your ATM card or PIN to a stranger, so why would you provide your username and password to anyone else? Your login credentials protect valuable information – just like a bank protects the money in your account. No one needs to know your passwords but you – not even the IT department. If someone is asking for your password, it’s a scam.
2. Use different passwords for different accounts. This way, if one account is compromised, at least the other accounts you own won’t be at risk.
3. Use multi-factor authentication (MFA). What does this mean? It simply means there are multiple ways to verify who you say you are when you are logging into an account. CIG uses multi-factor authentication for Office 365, which adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you use to confirm your identity before logging in.
4. Length trumps complexity. This one may surprise you. The longer a password is, the better. Use at least 16 characters whenever possible.
5. Create passwords that are hard to guess, but easy to remember. This may sound impossible, but there are a few tricks of the trade:
• Use full sentences or phrases. For example, “breadandbutteryum” is a phrase that’s easy to remember, but long enough that it’s not easily hackable. Some systems will even let you use spaces: “bread and butter yum.”
• Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to crack these.
• Don’t use information in your password that others might know about you, or something that’s easy to glean from social media accounts (e.g. birthdays, children’s or pet’s names, car model, etc.). If your friends can find it, so will hackers.
6. Complexity still counts. To increase complexity, include uppercase and lowercase letters, numbers, and special characters. A password should use at least three of these choices. To make the previous example more secure, you could use: “Bread & butter YUM!”
7. Use a password manager. Password management tools, or password vaults, are a great way to organize your passwords. They store your passwords securely, and may provide a way to back up your passwords and synchronize them across multiple systems.
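Tips 4 to 6 can be turned into a simple check, shown here as an added example that is not part of the original post: it applies the 16-character minimum, the three-of-four character types rule and the "word plus a single number" rule, and estimates how large a blind brute-force search would be. The names, the tiny common-word list and the pool sizes are assumptions made for illustration, and the bit estimate is an upper bound that does not model dictionary or phrase guessing.

```python
import math
import re
import string

MIN_LENGTH = 16    # tip 4: at least 16 characters
MIN_CLASSES = 3    # tip 6: at least three of the four character types
# Constructed sample list (assumption); a real check would load a large
# list of commonly used and breached passwords.
COMMON = {"password", "welcome", "letmein", "qwerty", "sunshine"}
# Pool sizes for printable ASCII; space counts as a special character.
POOL = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def char_classes(pw):
    """Return the set of character types present in pw."""
    found = set()
    for c in pw:
        if c in string.ascii_lowercase:
            found.add("lower")
        elif c in string.ascii_uppercase:
            found.add("upper")
        elif c in string.digits:
            found.add("digit")
        else:
            found.add("special")  # anything else, including non-ASCII
    return found


def brute_force_bits(pw):
    """Upper bound: log2 of guesses for a blind search over the used pools."""
    pool = sum(POOL[name] for name in char_classes(pw))
    return len(pw) * math.log2(pool) if pw else 0.0


def check(pw):
    """Return a list of problem codes; an empty list means all rules pass."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if len(char_classes(pw)) < MIN_CLASSES:
        problems.append("few_classes")
    # Tip 5: a single common word, optionally with one digit before or after.
    if re.sub(r"^\d|\d$", "", pw).lower() in COMMON:
        problems.append("common_word")
    return problems


if __name__ == "__main__":
    for sample in ["Password1", "aB3$eF7!", "breadandbutteryum", "Bread & butter YUM!"]:
        print(f"{sample!r}: {brute_force_bits(sample):.1f} bits, {check(sample) or 'ok'}")
```

The 17-character lowercase phrase scores roughly 80 bits against about 53 for the constructed 8-character password that uses all four character types, which is the sense in which length trumps complexity.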