In Search of the Perfect Password

Ten tips to help you not give away the keys to your kingdom.

What’s something that stands between you and a cybercriminal that’s in your full control? Your password!

The world of password security is a tricky one because many of the best practices for password security are not at all practical and therefore rarely used. Considering all the accounts we need to secure with passwords and all of the rules regarding effective password hygiene, it can certainly feel that it’s almost impossible to keep up!

There are good technologies that exist to help us with password security and management, but unfortunately there is not a perfect solution. Therefore, we prefer some good old-fashioned common sense and awareness.

With that in mind, here are TEN simple and, more importantly, practical tips that will help you keep your passwords secure:

  1. Make sure you actually use a password. Anything that can be secured with a password should be! Use a phrase that captures a memorable thought that only you know or use the first letter of each word in a unique phrase to create a password.
  2. Passwords should be a minimum of at least eight characters in length. Ideally, if the system allows, the password should be from 24 to 26 characters long. When creating a password, remember to include at least one of each of the following: uppercase letter, lowercase letter, special character and number.
  3. Create answers for web security questions that are hard to guess but easy to remember.
  4. Don’t share your passwords with anyone. This one may seem obvious, but it happens way too often. Sharing is a good thing, but not when it comes to your password. Don’t share passwords on the phone, in texts or by email. Theoretically, you should never email or text someone a password. So, what should you do if you child texts you from school saying that he or she forgot the password to his or her email? Ideally, if you need to share a password, call him or her to identify the other party by voice. If you MUST send a password in writing, choose to use an encrypted connection, which is offered by various chat tools. If no such tool is available, consider splitting the password and sending some via email and some via text.
  5. Don’t write down and hide passwords. If you have to write them down for whatever reason, don’t label them as “passwords.” Write down something that will only be understandable to you.
  6. Don’t store passwords on your computer, websites or in web browsers unless they are in a strongly encrypted software program. If your device gets stolen or hacked, stored passwords will give easy access to any would-be hacker.
  7. Don’t create passwords from dictionary words with repeated or missing letters, common phrases or keyboard patterns. Remember: hackers don’t hack passwords by guessing; they have access to tools that bypass those simple tricks and can crack passwords in seconds.
  8. Use different passwords for all accounts. We have to be very clear on this tip since it’s a bit controversial. Without the aid of a password manager, we can honestly say that most people do not follow this advice. Consider investing in a password manager but proceed with caution … some studies have revealed that password managers are vulnerable to being hacked, and if they get hacked, the cybercriminal essentially has the keys to your password kingdom, which of course defeats the purpose of having a password manager or even a password in the first place.
  9. Change passwords frequently. Similar to our thoughts in tip No. 8, this tip is another best practice that’s almost never followed. If you find this tip too difficult to follow, then make sure you change your passwords after a breach and remember: It’s not just your account that’s been compromised but your password itself. This means you need to change the compromised password for any account where it’s used, and you can never use the password again. If you need to change your password due to a suspected breach, make sure the notifications in your settings profile only notifies you of the change. The last thing you want is a cybercriminal getting notified each time you change your password.

Most importantly, remember that a password is what stands between you and a cybercriminal. Make sure you and your loved ones approach your passwords with responsibility and security in mind.

A good password is just one element in a comprehensive security strategy and AlphaONE can help in ways you may not have even considered. Find out how we can make your world more secure by calling us at 833-ALPHA-ONE or 334-245-3125.