Passwords have become so ubiquitous that we barely register them – and that’s a serious problem! Far too often, a short string of asterisks is the only thing keeping your most valuable data, files, and accounts from theft and exploitation.
Want to ensure that passwords contribute to your digital security rather than weaken it? Then take our comprehensive list of do’s and don’ts to heart.
What You Should Always Do
First, let’s tackle the best practices for the ultimate password security.
Use complex passwords
A password is only effective if it takes even supercomputers longer than a lifetime to guess. Qwerty, 1234, or any other frequently used password does literally nothing. Moreover, advances in code cracking and AI driven by data obtained from millions of breaches mean it takes a few hours at most to crack even an 8-digit password.
You have three choices. You can use a random combination of symbols, numbers, and both uppercase and lowercase letters. Alternatively, you can use words and sprinkle other characters between them to make even very long passwords easier to remember. The third choice is passkeys. They are still in the early stages of adoption, but consider switching to programs and websites that support signing in with passkeys.
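The first two choices above, sketched in Python as an added example (not code from the original article), with an estimate of how large a search space each one gives an attacker. The 16-word list, the separator set, and the default rate of 10^12 guesses per second are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list (assumption); a real generator would draw
# from a list of several thousand words to get more entropy per word.
WORDS = ["anchor", "biscuit", "copper", "dragon", "ember", "falcon", "garnet",
         "harbor", "island", "jungle", "kettle", "lantern", "marble", "nectar",
         "orchid", "pepper"]
SEPARATORS = string.digits + "!@#$%^&*-_"          # 20 non-letter characters
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94


def random_password(length=16):
    """Choice 1: each character drawn independently with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words=5):
    """Choice 2: random words with one random character between each pair."""
    parts = [secrets.choice(WORDS)]
    for _ in range(n_words - 1):
        parts += [secrets.choice(SEPARATORS), secrets.choice(WORDS)]
    return "".join(parts)


def password_entropy_bits(length=16):
    return length * math.log2(len(ALPHABET))


def passphrase_entropy_bits(n_words=5, wordlist_size=len(WORDS)):
    # Assumes the attacker knows the scheme and the wordlist.
    return (n_words * math.log2(wordlist_size)
            + (n_words - 1) * math.log2(len(SEPARATORS)))


def hours_to_exhaust(bits, guesses_per_second=1e12):
    """Worst-case search time; the default guess rate is an assumption."""
    return 2 ** bits / guesses_per_second / 3600


if __name__ == "__main__":
    print(random_password(), f"{password_entropy_bits():.0f} bits")
    print(passphrase(), f"{passphrase_entropy_bits():.0f} bits with 16 words,",
          f"{passphrase_entropy_bits(5, 7776):.0f} bits with a 7776-word list")
    print(f"8 random characters: {hours_to_exhaust(password_entropy_bits(8)):.1f} h")
```

The passphrase numbers show why the size of the wordlist matters: five words from the 16-word sample give far fewer bits than the same five words drawn from a list of several thousand.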
Have unique passwords for all accounts
Remembering passwords is tedious, especially now that everyone needs more than a dozen to function normally. Yet unique passwords are the key to account security. Even taking every precaution in this article can’t prevent someone from hacking the other party’s credential database.
It’s likelier to happen to smaller providers with poor security standards. Yet, that single cracked password puts all other accounts that use it at risk regardless of other security measures.
Start using a password manager
Luckily, you don’t have to leave password security up to memory and (a lack of) inventiveness since password managers address all potential credential weaknesses. They generate passwords, ensuring that each is unique and complex.
Password managers also store your credentials in encrypted vaults and fill them in automatically, so there’s no reason to write passwords down. With the best password managers, you will never have to remember a password again, except for one. On top of that, you can easily give temporary account access to colleagues or sign in from different devices if you install and sync the manager on all of them.
Secure your passwords with MFA
Passwords offer effective account protection, but they aren’t impregnable. That’s why multi-factor authentication is essential for building a layered defense. An attacker might obtain your password, but they can’t access the account since they don’t have the secondary code or biometric signature MFA adds. Your account stays secure, plus you get notified of unauthorized logins and can generate a different password to lock hackers out completely.
What You Should Never Do
Now, let’s see which behaviors and habits you should change.
Share your passwords
Sharing your passwords is a big no-no, even with family and trusted friends. Passwords are like secrets – as soon as two people know, you lose all control of what happens to them.
Safe sharing methods do exist. For example, streaming services and gaming platforms offer family accounts that let everyone access the same content without paying extra while maintaining separate profiles and logins. Password managers let you temporarily share account credentials with colleagues and revoke access once the share expires.
Leave them out in the open
Hopefully, there’s no post-it note with all your credentials on your monitor. Even so, you might be storing passwords incorrectly, like in plaintext Word documents. Always encrypt your passwords, whether inside a password manager’s vault or by using an encryption program to make the contents of secured files and folders indecipherable to anyone who might get a hold of them.
Continue using default passwords
You go online or use smart home gadgets every day, possibly without realizing they, too, should be password protected. Most are protected by now, but default passwords that are easily found online won’t do. Spend some time going over all your password-protected devices and make sure they are as protected as your other accounts.
Fall for phishing & other social engineering
Hackers don’t need to target heavily protected databases when they can trick you into revealing your password with a clever email. Phishing is doing better than ever since ChatGPT became available. It’s more frequent and harder to tell apart from legitimate emails.
Treat any unexpected messages you get with suspicion. Check whether the sender’s address is correct, and never download attachments or enter your credentials into websites that links in such messages lead you to.
Conclusion
Proper password hygiene is the first step towards comprehensive cybersecurity and underpins all your other efforts. To make passwords truly effective, follow best practices and avoid the pitfalls.