Do you know how to protect your password from malicious activity?
According to industry analysis by TeleSign, 2 out of 5 consumers reported receiving a notice that their personal information had been compromised online. The good news is you can reduce the risk to your online world with one simple method: password protection. We’ve compiled a list of password do’s and don’ts so you can quickly and efficiently secure your digital life.
Use special characters, numbers, and cases. A password should always include a number, a special character like an exclamation point, and upper and lower case letters. By including all of these components, your password becomes more difficult to crack with sophisticated brute-force attacks and other methods.
Use memory devices to create your passwords. No, we are not suggesting you use your dog’s name for all of your passwords. We do suggest you think of a phrase that you will remember, and then translate that into a secure pass phrase. For example: “I like to watch the sunset in Hawaii” could become the pass phrase “iL2WtsIH!” – But please don’t use this specific pass phrase as it’s publicly included in this blog post. 😊
Change your password every sixty days. Passcodes may travel from one hacker to another, and around the world. Changing your password more frequently prevents saved instances of your password from being used by hackers later on. Hackers also use open sessions to commit Cross-Site Request Forgery (CSRF). CSRF is “a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated”. Some applications, like Facebook, allow you to view your open sessions. It is recommended that you always review your open sessions for sites that allow multiple browser sessions at once.
Enable two-factor authentication (2FA) where possible. 2FA adds a second level of authentication to your account. Rather than simply asking for your username and password, 2FA requires that you also verify your identity through one of the following three principles: something you know (personal information such as a pattern), something you have (a physical card with a code), or something you are (a fingerprint or voice recognition). A good example of 2FA would be your bank or credit union texting you a verification code to enter on a subsequent screen after you’ve entered your username and password. Even Google allows you to manually set up 2FA to protect your personal email account. We encourage you to use 2FA wherever possible.
Don’t use sticky notes. This may be obvious, but occasionally you may feel inclined to write an important password on a sticky note or in a nearby notebook. Please don’t. Protecting your passwords becomes vitally important in an office setting where any user, or visitor, can pick up your password and walk away. Commit your code to memory as much as possible. If you’re managing multiple accounts you may consider using an app like LastPass; however, be aware that the safest location for your password is your own memory.
Don’t use your name or birth date. Always be sure that your password doesn’t include personally identifiable information such as your first or last name, maiden name, birth date, street address, etc. By creating a pass phrase you can avoid using these pieces of information. Consider thinking of a pass phrase sentence that reminds you of places you enjoy, or things you enjoy, but don’t use known specifics such as your home address, family, or pets.
Don’t use easy or popular passwords. You may be surprised to learn that there are popular passwords used across the United States. According to the Huffington Post, the most common U.S. password of 2013 was “123456”. Think about your passwords and determine if they’re phrases that could be similar to another user’s. Be specific, detailed, and random with your passwords – and avoid using all numbers or all letters. Mix and match your characters, including special characters.
Don’t reuse your passwords. While it’s tempting to want to use the same password for every application and device, reusing passwords makes it easier for hackers to cause widespread damage to your professional, financial, and even medical information. Use different passwords for your most sensitive applications used for work, banking, and medical records. And if you can, use different passwords for every account that requires a login.
Don’t give your password to anyone. Even if your company’s Network Administrator asks for your password you should NEVER give it out. Your password is unique to you, especially at your place of business. Passwords used to log in to company workstations, emails, and networks should be guarded closely and you should follow all of the above protocols for password protection. Also, avoid sharing passwords with family and friends. By keeping your password private you prevent your information from being shared, even accidentally, with the wrong individuals.
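The composition, personal-information and popular-password rules above can be checked mechanically when a password is chosen. The following Python check is an added example, not part of the original post; the function name `check_password`, the small denylist and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample denylist. "123456" and "iL2WtsIH!" are the two values the
# article itself names; "password" and "qwerty" are added as assumptions.
DENYLIST = {"123456", "password", "qwerty", "il2wtsih!"}


def check_password(password, personal_info=()):
    """Return the list of the article's rules that `password` breaks."""
    problems = []
    # Composition rule: number, special character, upper and lower case.
    # This also rejects all-number and all-letter passwords.
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    # Anything that is not an ASCII letter, digit or whitespace counts here.
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    # Popular passwords, plus the pass phrase published in the post.
    if password.lower() in DENYLIST:
        problems.append("popular or published password")
    # Personal details: compare case-insensitively and ignore separators, so
    # a birth date written "1984-03-07" also matches "19840307". Tokens under
    # three characters are skipped to avoid matching on initials.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal detail: {item}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("123456", []),
        ("iL2WtsIH!", []),
        ("Rex2015!beach", ["Rex", "2015-06-01"]),
        ("mT7#cbtLaN!q", ["Rex", "1984-03-07"]),
    ]
    for pw, info in samples:
        print(pw, "->", check_password(pw, info) or "passes")
```
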
We hope these tips are helpful to you as you navigate this increasingly connected world. If you’re interested in more information on network security for your place of business we invite you to check out our Layered IT Security eBook below.