A strong password is a critical component of Layered Security, with weak passwords being one of the first vulnerabilities hackers may try to exploit. In a process called “brute force” hacking, someone looking to gain access to your accounts can use software designed to guess every possible letter, number, or character in a given position. While these programs can break through a simple password in a matter of seconds, a complex password can take millennia to crack. Your decision to follow industry best practices to secure your accounts can help protect your personal data by closing windows of opportunity for malicious activity, and we’d like to reward your commitment to data security with some recommendations on how to keep track of all of your passwords!
When you create a new password, you likely imagine that no one could ever guess your unique and personal entry, but did you ever imagine a computer program simply running through every possible character on your keyboard until it finds the right combination? Technology is convenient for everyone, including cybercriminals. To stump the software, industry best practices recommend, at a minimum, a password consisting of 8+ characters (the longer the better), including uppercase & lowercase letters, numbers, and special characters. Owing to the advent of so-called “dictionary attacks,” where entire words, rather than individual characters, are guessed by software, we now also recommend that you avoid using dictionary words as-is in your passwords. You can still use easy-to-remember words, but substitute letters with numbers or symbols, and consider including punctuation between letters for additional variety. Short phrases can be easy to remember, and difficult for software to guess when variations like numbers and special characters are included.
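To see why length and character variety matter so much, here is a short added example (ours for illustration, not taken from any particular tool) that checks a password against the minimum recommendations above and estimates how long an exhaustive brute-force search would take. The guess rate and the tiny word list are assumptions constructed for the example.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "welcome", "monkey"}
# Assumed attacker speed (guesses per second); a hypothetical figure.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = [
    ("lowercase letter", string.ascii_lowercase),
    ("uppercase letter", string.ascii_uppercase),
    ("number", string.digits),
    ("special character", string.punctuation),
]

def character_pool(password):
    """Size of the alphabet a brute-force tool must cover for this password."""
    return sum(len(chars) for _, chars in CLASSES
               if any(c in chars for c in password))

def brute_force_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every combination of that alphabet at this length."""
    return character_pool(password) ** len(password) / rate

def check_recommendations(password):
    """Return the minimum recommendations from the article that the password misses."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES:
        if not any(c in chars for c in password):
            problems.append("no " + name)
    # Dictionary attacks guess whole words, so flag any word used as-is.
    if any(word in password.lower() for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word as-is")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; never reuse an example password for a real account.
    for pw in ["sunshine", "Tr4il-m1x&Rainy:Day"]:
        secs = brute_force_seconds(pw)
        print(pw, "| pool:", character_pool(pw),
              "| seconds: %.3g" % secs,
              "| years: %.3g" % (secs / SECONDS_PER_YEAR),
              "| issues:", check_recommendations(pw) or "none")
```

At the assumed rate, the eight lowercase letters fall in about twenty seconds, while the longer mixed phrase would take far longer than a millennium to exhaust.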
Given the sheer number of complex passwords we are all expected to keep track of these days, we would be remiss not to include methods by which to keep track of them all! First, you’ll be pleased to hear that, especially for personal use, it is perfectly acceptable to handwrite your passwords in a private notebook. We never recommend leaving handwritten passwords anywhere in plain view, but a dedicated page in a personal notebook is a foolproof way to manage passwords for your personal accounts, and it is readily available to all users, regardless of their level of comfort with technology. Never save your passwords in a text file on your computer. Passwords are just the first layer of cybersecurity, and if someone were to gain access to that file, they would have the keys to all of your digital doors.
For personal and professional use, you can use built-in password management programs in your web browser to keep track of your passwords: simply accept your web browser’s request to save your password, and remember to save again each time you update your password. This is an excellent method for keeping track of especially complex passwords that are not intuitive to remember, or even to type, but this method is limited to accounts accessed via your web browser. For other accounts, there are standalone software applications you can download to manage passwords for you, not limited to your web browser, but functioning in much the same way. If you have questions about which password management software might work best for you, feel free to give us a call and speak to a tech! And remember, before downloading anything from the internet, be sure it’s from a source you trust.
Meanwhile, if talk of brute force hacks and dictionary attacks has you worried that a single password alone isn’t enough, consider a digital deadbolt: two-factor authentication or even multi-factor authentication. Many developers are including two-factor or multi-factor authentication for their users to better secure their personal accounts against hackers. Multi-factor authentication requires multiple methods of verification to ensure that the person attempting to access an account is actually the account holder. Additional factors of authentication may include the account holder’s birthdate or other identifying information, or a message sent to a verified phone number or email address containing a one-time verification code. If you need help setting up multi-factor authentication on a supported program, give us a call to schedule a time for a tech to assist you! We’re happy to help users secure their personal data.
For more information on keeping your data secure, check out our other articles on Layered Security and Data Housekeeping, and keep an eye out for next month's piece on Common Scams (And How To Avoid Them)!