Is My Password Secure Enough?

Melissa Mach
Dec 6, 2020

Learn about the importance of password security and how to practice good hygiene to protect your online accounts

As we hear more about data breaches on the news, you would think that people would be more aware of making sure their passwords are secure. However, there are plenty of people who may not understand what having a secure password actually means or how to create one. Maybe it’s too complicated and overwhelming, so they just brush it off.

We’ve all been there, and yes, it is way easier to reuse passwords for multiple accounts and websites because we can easily remember them, but this is a huge no-no as it creates an easy target and weak point. Think about it: if your information was part of a big data breach and your password was exposed (the same password you reuse for multiple accounts), you are now allowing someone to access your other accounts by simple trial and error, because you likely also used the same email login or username.

This is the reason why it is so important to have good password security hygiene. By making your passwords stronger and unique, you will help mitigate these weak points. The more checkpoints someone has to go through to authenticate themselves, the more protected your account and personal information will be. Now that’s not to say that you will be able to keep 100% of unauthorized users out, but it’s definitely a great starting point. Below are a few tips one can practice to help make their accounts more secure.

Complexity and Length

Let’s first focus on the length of a password. Most passwords have a minimum length around 8 characters and while that may be acceptable to create an account, why not make it longer? The longer your password, the harder it is to figure out. A strong password should be at least 12–15 characters long. Now that we have the length down, complexity is just as important. Your password should contain a mix of letters, numbers and symbols. Using both uppercase and lowercase letters also helps to make it more complex.

Another tip that could come in handy is to create a passphrase instead of a word. For example, you can create a password with a sentence that will not be too hard to remember for yourself. Let’s try something like:

password: myfavoritecolorisblueorisit

Now add some complexity and strength to it and the password becomes something like:

password: mYf@v0r!teColorIsbLU3OrIsit?

There you have it, a complex and lengthy password. Again, the longer and more complex, the better.
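To put numbers on the length and complexity tips, the following added example (not part of the original article) estimates the brute-force search space of the two passwords above and of a constructed 8-character sample. The function names are hypothetical, and the figure is an upper bound that assumes every character was chosen at random.

```python
import math
import string

# Character classes the article asks you to mix.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def search_space_bits(password):
    """Upper bound on guessing work in bits: length * log2(alphabet size).

    Assumes each character was picked at random from the classes used.
    Human-chosen phrases with predictable substitutions (a -> @, o -> 0)
    are weaker than this figure suggests.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)

def report(password):
    """Summarise length, classes and estimated bits for one password."""
    return {
        "length": len(password),
        "classes": classes_used(password),
        "bits": round(search_space_bits(password), 1),
        "meets_length_tip": len(password) >= 12,  # article: at least 12-15
    }

if __name__ == "__main__":
    # "Tr0ub4d!" is a constructed sample; the other two are the article's.
    for pw in ["Tr0ub4d!", "myfavoritecolorisblueorisit",
               "mYf@v0r!teColorIsbLU3OrIsit?"]:
        print(pw, report(pw))
```

The all-lowercase passphrase already has a far larger search space than the 8-character sample that uses all four classes, which is why length comes first.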

Uniqueness

Now that we know how to create a strong password, we want to make sure that we do not use the same strong password every time. This is where uniqueness comes into play, and it is especially important for accounts that hold sensitive information, such as financial services accounts and wireless carrier accounts. By using different passwords for different accounts, we are practicing healthy habits that secure our information in the event a company has any vulnerabilities.

Password Manager

Ok so you may be wondering, how are you going to remember ALL of these unique, strong, lengthy passwords?! Well this is why there are password managers. A password manager is a safe way for you to store your complex passwords and seamlessly oversee and handle all of your login credentials for apps and accounts on your mobile device, websites and other services. It is essentially an encrypted vault that can only be opened with a master password.

There are plenty of password managers to choose from (free and subscription based). Some even have a password generator that helps you create unique and strong passwords if you’re drawing a blank. If you decide to use a password manager, your master password should be the longest, most unique password you’ve created and should not be stored by the password manager itself. Two things you may also want to consider when choosing a password manager are whether the company has the ability to see stored passwords and whether the company stores your master password.
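The sketch below is an added example, not code from the article or from any particular password manager. It shows what a password generator and a uniqueness check look like in practice: it finds accounts that share a password and gives each one a fresh random password. The account names and passwords in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def generate_password(length=20):
    """Random password containing every character class, via the OS CSPRNG."""
    if length < 12:
        raise ValueError("the article's tip is at least 12-15 characters")
    pool = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        # Retry until each class appears at least once.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def reused_groups(credentials):
    """Return sorted lists of accounts that share one password."""
    by_password = defaultdict(list)
    for account, password in credentials.items():
        by_password[password].append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)

def make_unique(credentials, length=20):
    """Give every account in a reuse group its own fresh password."""
    fixed = dict(credentials)
    in_use = set(credentials.values())
    for group in reused_groups(credentials):
        for account in group:
            new = generate_password(length)
            while new in in_use:  # collision is astronomically unlikely
                new = generate_password(length)
            in_use.add(new)
            fixed[account] = new
    return fixed

# Constructed sample: three accounts share one password, one does not.
SAMPLE = {
    "bank": "Summer2020!",
    "email": "Summer2020!",
    "carrier": "Summer2020!",
    "forum": "mYf@v0r!teColorIsbLU3OrIsit?",
}

if __name__ == "__main__":
    print(reused_groups(SAMPLE))               # accounts sharing a password
    print(reused_groups(make_unique(SAMPLE)))  # no reuse after the fix
```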

Two-Factor or Multi-Factor Authentication

Alright, so now that we have the whole secure password thing figured out, another great habit is to set up two-factor or multi-factor authentication on your accounts (if applicable). Most secure websites will already have this set up, but it’s not a bad idea to opt in if they have it in their settings.

With this in place, instead of just logging into your account with a username and password, you need to provide another piece of information to confirm you are who you say you are. This can be done in various ways, but the two main categories are “something I have” and “something I am”. Most services currently use “something I have”, which could be an email account or phone where they send you another code to verify that you are the authorized user of the account. While “something I am” may not be as common right now, this is where you can verify that you are who you say you are with a thumbprint, retina or facial recognition scan!

Email and Login Presence

Lastly, I want to touch on creating separate logins and email accounts. Just like we don’t want to use the same password for every account, we don’t necessarily want to use the same login or email address for everything either. Changing up and diversifying your email presence can help with protecting your privacy. An example of this would be to create a separate email address for online purchases. Most businesses will want you to create an account when you are ready to check out, but try to opt for a guest checkout if you don’t see yourself shopping there often. Why put another account out there if it’s not needed? If you do plan to shop at a business more often, however, creating that specific email address for just online transactions will help keep things organized and keep spam out of your main inbox!

Think Twice and Be Suspicious

Ok, I know that that was a lot to take in, especially if you may not be following the tips and best practices I just mentioned above. While this may sound scary and/or cause some anxiety because after reading this, you may feel you do not have the best security hygiene, I do want to share and stress the importance of this. I’m not saying that you have to or should go and follow all of these things right now, but just the idea of being aware of this is a great start. Most people tend to ignore or put things on the back-burner because it’s not important at the moment, but I believe it is better to be safe than sorry. Start implementing some of these practices and it will get easier.

So the next time you have to create a new account, think twice before you go ahead and put in your usual password. Stay suspicious. If you get an email or alert that someone may have gotten access to your account, make sure to change your password right away, along with the password on any other account that may have used it as well. Following these best practices will help keep your identity, credentials and sensitive data safe.

Resource: cisa.org

Melissa Mach

Software Engineer | Learning how to code a little more each and every day!