Top 7 Tips to Secure Your Passwords
In our current world where technology is finding its way into all aspects of our life, it is important to understand how to properly protect yourself online to be sure all your accounts are secure. Hackers can use a variety of techniques to launch a cyber attack your way:
- Buffer Overflow- Using specialized code to fool systems into giving away personal information
- Wi-Fi Traffic Monitoring – An attack that utilizes public Wi-Fi networks to steal information
- Brute Force – Entering random passwords until one is correct. Especially dangerous if you use a common password.
- Key Logger – Program that infects your computer and steals inputted information
There are several tips you should keep in mind when designing a password to make sure that you are the least susceptible to these kinds of attacks, and any others that hackers may utilize to get to your information.
See Infosec IQ in action
1. Strong Password Requirements
There are many different elements to consider when selection a password to use. Making sure your password is advanced enough that hackers will have a very difficult time attempting to break into it is essential to avoid having your account breached by unwanted intruders (which is probably anyone but yourself!). You should get into a few habits while designing passwords to ensure maximum security.
The highest-tier of passwords all follow a similar format. There should be a combination of both uppercase and lowercase letters. Simply making sure you use punctuation presents a huge increase in combinations that must be attempted to crack into your account.
Creating a password consisting of nonsense is another way to make sure that hackers cannot learn information about you and have any easier of a time getting into your accounts. Simple personal information should especially be avoided, such as family members or pet's names, addresses, etc. General words should also be avoided, such as a sport, item, or hobby. However, when selecting your password, make sure you will be able to remember it further down the road.
The length of the password is another important, possibly obvious way to ensure it is more difficult to crack your code. The best passwords are usually at least 12 characters in length, even if the website or service you are signing up for says that your password "strong" with less. Using more than 12 characters will ensure maximum security.
2. Unique Passwords
It is common for many people to use the same few passwords for every account they have ever created. This is one of the most common mistakes. Using unique passwords for each account you possess online will prevent the hacker from being able to access any account he desires after breaching one. Also, if the infiltrator has access to an e-mail account, he or she can use that e-mail to retrieve passwords for whatever he wishes as long as the website does not offer a form of two-factor authentication if the login is coming from an unfamiliar place.
If you are still using a default password provided to you when you purchased your computer or router, change it immediately. There are websites available to the public that display the entire temporary and default passwords for each product, so it is only a matter of trial and error for the hacker until he has determined your code.
3. Write it on Paper
A problem many have when designing a strong password for their accounts is being able to remember it. There are several ways you can aid yourself in this task, instead of just relying on repetition and the memorization of a random string of letters, numbers, and symbols.
The first strategy is to write your password on paper. It is shown that physically writing down information helps people retain the information they are recording. Also, writing down your password and storing it in a safe place is much safer than storing it in a file on your computer or online. If a hacker gained access to one of these files, he could potentially have your login information for any account you recorded on file.
Another way to design strong passwords while making them easy to remember to think of a sentence you would not have an issue remembering. For example, if your sentence was "My parents John and Carly live on 505 Smith Street and are both 52 years old" you could use a password with the first letter or number of the sentence, translating to "MpJaClo505SSaab52yo", which would be a very strong option for a password.
4. Two-Step Authentication
Recently, online companies have provided more opportunities to increase security on their websites and give users more ways to protect themselves against cyber-attacks. One emerging strategy is known as two-factor authentication. Two-factor authentication is a secondary step of confirmation that requires a code or link that is sent to a cell phone or similar device that must be inputted to verify the correct user is accessing the account.
You should get in the habit of checking websites you often log into and determine if they use a form of this authentication process. Often, they only require two-factor authentication if you are logging in from a device you have not used before, which is particularly useful in bringing cyber-attacks to a halt. If your company gets breached, they will be unable to attempt to access your account if two-factor authentication is enabled, unless they have access to another one of your personal devices.
Utilizing security questions correctly is another procedure that can help or hurt you online. When used correctly, they provide an easy way to recover your account if it was stolen. On the other hand, if the answers you provide are easy predictable or obtainable with research, they can be detrimental to the safety of your account. Be sure to stay away from common questions such as "What's your father's middle name" or "Where did you go to elementary school" as these kinds of questions could be possible to find online. Be sure to use unique questions only you would know the answer to, or respond to the question in a way that doesn't even pertain to it for extra security if you can remember your responses.
5. Biometrics
Another emerging technology is biometrics. Biometrics is statistical data gathered from people's physical or behavioral characteristics. Biometrics most commonly used alongside passwords are fingerprint scanners such as the one used on more current iPhone's, face and eye recognition capabilities found on some cell phones such as the Galaxy Note 7, and more. As these kinds of technology improve and become more widespread, they may replace passwords altogether.
6. Avoid Phishing Schemes
Never share your password with anyone. Even if you trust whomever you give it to; you are still running the risk of that information getting distributed and increasing the amount of risk you have to your accounts.
Also, watch out for phishing websites and emails. Phishing is when hackers send fraudulent emails or set up malicious websites posing as reputable companies with the objective of obtaining personal information such as passwords or a credit card number. There are a few tips to help determine whether a source is legitimate or not:
- Make sure the e-mail address of message you have received is correct. Malicious senders will use an email that is a letter or symbol off from the email they are trying to impersonate, so be sure to check carefully.
- Be on the lookout for spelling and grammar mistakes. Often, phishers do not speak perfect English, and any errors they make may be a sign that the message is not coming from the reputable company you believe it is.
- Check the IP of the sender if you are suspicious about the authenticity of the email. Checking the source code will show you the IP address if you look for the string of numbers following the lines "Received: from." Then, it is possible to google the IP address and view information about where it was sent from.
7. Be Wary of Malware
It is not advised to click unknown links. Malicious sites can begin downloading files, reroute you to other dangerous websites, and scam you for information such as your password the moment you interact with the page. If you are unsure whether you should open a link, it is best to right-click and copy the link, then paste it in a different browser so you can look at the URL before executing the command to open it. The safest sites are "HTTPS" sites. You will see these letters at the beginning of the address. Be sure always to check to see if a website has "HTTPS" while entering sensitive information like a social security number or credit card.
Attachments are a very successful way hackers gain information about whom they are targeting. You should be especially wary if you are somewhere where you are connected to the same network as many others such as a workplace or school because if one person opens a malicious attachment, the entire system of computers could be infected as well if they are all connected to the same network. Don't open attachments unless you know what to expect unless it is coming from an address you can verify is safe using the advice above. Word documents, PDFs, and EXE's should be dealt with increased caution.
Conclusion
Understanding the preventative measures of ensuring your password can not be cracked easily will great increase your security online. None of these tips are difficult to incorporate into your online habits but are all important to consider while creating or using your passwords online.
References:
https://www.engadget.com/2016/10/10/future-of-biometric-security/
https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240
https://staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts
https://hypersecu.com/blog/91-5-ways-hackers-are-stealing-passwords
Phishing simulations & training
http://www.mydigitalshield.com/5-ways-hackers-gain-access-data/
In this Series
- Top 7 Tips to Secure Your Passwords
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness