What's in a password? More than you think!

If you’re like us, you dread the notification reminding you it’s time to change your password. No one likes having to create passwords, but in this digital age, it is one of the easiest ways you can ensure your information stays protected. Thankfully, we have some tips and tricks that will make your next password update as easy as “P@ssword123” – which by the way is not a password we recommend using!

The goal should be to create a strong and secure password. Keep in mind, the shorter it is, the easier it is for threat actors to crack it. This is why we recommend using unique passphrases or strong and complex passwords, and why you will notice some password creation rules ask you to use more characters.

Whenever possible, we recommend you opt for a passphrase.  These are longer passwords that contain 15 characters or more, and can be easier to remember. To create a passphrase, choose at least 4 unique words and put them together. Because of the length, special characters are not necessary to ensure a more secure outcome. An easy way to select words is to use associations, like four items you may find in your living room. For example: “lampcomputerlegoscurtains”.

If you can only use fewer than 15 characters, we suggest a complex password of no fewer than 12 characters made up of upper- and lower-case letters, numbers and symbols, preferably with no obvious words. Thinking up a sentence and transforming it into your password will make remembering it easier. For example: “My jersey number when I played competitive soccer was 27!” can be used to remember the password “Mj#wIpcsw27!”.

An additional layer of protection for your accounts often includes activating two-factor authentication (2FA). Simply put, it requires something you know and something you have. Enabling it means that along with your usual sign-in method, an additional piece of information is required before your sign-in is allowed. This might include entering your passphrase (something you know) and using a token-generated code (something you have), or a password and your fingerprint. Whatever the combination may be, having to use two or more methods to authenticate your identity reduces the chance of your account being compromised.

Now that we’ve covered some of the do's, we can’t forget the don’ts. You may have rolled your eyes at “P@ssword123”, but “123456” and “password” were still two of the most commonly used passwords in 2018.  Using character substitution doesn’t make it any safer either. Threat actors are fully aware of these trends, especially commonly used passwords, and will exploit them to access your information. Other passwords or passphrases to avoid include the use of personal details, common expressions, song titles or lyrics, movie titles, and quotes. While you may trust that Rick Astley is "Nev3rgonn@GiveUup", he might not keep your emails safe.
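The length rules and the character-substitution warning above can be checked mechanically. The following is an added example, not code from this article or from ITSAP.30.032. The deny-list is a constructed sample holding only the weak passwords the article names, and the substitution map and function names are assumptions. It does not check the four-word rule or the "no obvious words" advice.

```python
import re

# Constructed sample deny-list: only the weak passwords the article names.
# A real check would load a large list of commonly used passwords.
COMMON = {"password", "123456", "password123"}

# Assumed map for undoing common look-alike substitutions.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalize(candidate):
    """Lower-case the candidate and undo character substitution."""
    return candidate.lower().translate(LEET)

def check(candidate):
    """Return (verdict, reason) under the article's length and class rules."""
    lowered = candidate.lower()
    # Drop a trailing run of digits/symbols so "P@ssword123" reduces
    # to "p@ssword" before the substitutions are undone.
    core = lowered.rstrip("0123456789!@#$%^&*?.")
    forms = {lowered, normalize(lowered), normalize(core)}
    if forms & COMMON:
        return ("reject", "common password, even after undoing substitution")
    if len(candidate) >= 15:
        return ("ok", "passphrase length (15 or more characters)")
    if len(candidate) < 12:
        return ("reject", "shorter than 12 characters")
    # Between 12 and 14 characters: all four character classes are required.
    classes = {"lower-case": r"[a-z]", "upper-case": r"[A-Z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items()
               if not re.search(pat, candidate)]
    if missing:
        return ("reject", "missing: " + ", ".join(missing))
    return ("ok", "complex password (12 to 14 characters, four classes)")

if __name__ == "__main__":
    for pw in ["P@ssword123", "123456", "lampcomputerlegoscurtains",
               "Mj#wIpcsw27!", "abcdefghijkl"]:
        print(f"{pw!r:30} {check(pw)}")
```
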

It isn’t just your choice of password that could put you at risk. Your personal habits may also play a role. Remember to never share passwords with anyone, not even family members. Always be aware of your surroundings when you enter information in a public setting. Use different passphrases and/or passwords on all accounts, taking extra care to have unique and strong ones for sensitive accounts, such as your banking or work accounts. And when you are done, log out and do not automatically save passwords, because a saved password could give someone access to your information without them even knowing what your passphrase or password is.

The main thing to remember is that these guidelines will help protect you and your information. Following this advice will help strengthen your security posture, and keep your personal and business accounts that much safer.  For additional details, we invite you to consult ITSAP.30.032 – Best practices for passphrases and passwords.
