How Safe is My Password?: Create, Store, and Share Passwords Safely
Passwords sit at the forefront of personal security. We use them for virtually everything, whether that’s a login to our bank accounts or profile for entertainment media. They are, essentially, keys to the virtual castle.
It’s no wonder that hackers, malicious-third parties, and otherwise internet vagabonds are always looking for ways to steal them. Unfortunately, their methods grow in complexity, employing techniques like social engineering or implementing malware to hijack a login. Once taken, they can cause serious damage, like locking a person out of valuable accounts and even stealing sensitive info.
So, naturally, preventing these scenarios comes down to the password itself. But, just how safe is it? While it’s a hassle to remember complicated logins for every website we use, in some cases, it’s a necessary concern. This is especially the case for businesses and other enterprises which use logins from multiple locations, so establishing good password safety is critical.
While there’s a myriad of security strategies to use for protecting data, a lot of migraines are avoidable by practicing good password habits along with storage/safety philosophies. To help you, we’ve got some handy tips to better improve password health.
Password Creation Tips
It’s tempting to go after the easy phrase when creating a login. The problem is, easily guessable phrases and words are prime targets for hackers. That’s because they employ bots to attempt password theft, applications which run through millions of common phrases in hopes they discover yours.
To avoid this, you need to practice some healthy password creation strategies:
- Websites suggest using caps/lower-caps letters, numbers, and special characters, which you should absolutely do.
- Use jumbled letters and numbers if you use a small login.
- Create long logins exceeding 8-10 characters, if you can.
- Try to implement a different password for essential websites, such as a bank account or a website where you store financial information.
That’s all well and good, but half the battle is remembering them, right? Fortunately, there are a few tricks to making an easily remembered login.
Try replacing letters with its alphabetical equivalent. Let’s say you want to make “dog” your password. Instead, use “4” for “d” (since d is the fourth letter in the alphabet). Now you’ve got 4og.
Reverse names and phrases. So “4og” is your password. Let’s reverse that, so now it’s “go4.” This works great for longer password names. “house,” for instance, becomes “esuoh.”
Add random caps. We can make “go4” say “gO4.”
Include an easily remembered number at the beginning or end of your phrase. Let’s say the birthday is the 16th, so now, our password becomes 16gO4. Or, gO416.
And just like that, we’ve taken an incredibly simple phrase like “dog” and turned it into a hard-to-guess phrase. This, of course, is a very basic example, but a way to generate complicated logins while also incorporating pneumonic methods.
When in doubt, however, you’re encouraged to jam together a series of words. Length is also a powerful deterrent to would-be hackers. In fact, use our previous sentence as a password!
You can always modify this approach, so long as you can remember it and make it hard to guess.
As you start creating unique logins (as you should), it’s easy for them to get lost in the various websites they’re used for. Therefore, you might think to write them down or keep your logins in a document.
However, this isn’t a recommended method. Not only does it set a bad precedent (creating an accessible point of high-value info), it’s dangerous for both individuals and companies. It’s better to use password managers which encrypt your data and organize them for specific websites.
Some managers are apps, and others are third-party extensions for your web browser. The key is to select an option which is both secure and easy to use, while also fitting your needs. A business, for instance, will want software with lots of options to sort logins by name, user, department, and so on. An individual may only need a manager for their web-browser logins.
A few other factors to consider:
- Avoid sending logins over unencrypted connections like text or email, even if you trust the other party. If you do, make sure you can delete the login afterward.
- Any changes to passwords should be reported to the appropriate administrator.
Here’s where things get tricky. It is, in most scenarios, not recommended to share passwords, as it doubles the risk of said login getting leaked. It also goes against advice you commonly hear, which is to never share your password with anyone.
Often, malicious parties attempt to take your password by simply asking for it, claiming they’re part of an administrator/management team. It’s worse if they use social engineering to pose as a friend or coworker, requesting a “lost login” for a project.
The only safe strategy here is to employ password management software, much like you would for sharing them. There are several key reasons for this:
- Management software encrypts passwords, meaning it’s protected when viewed by different team members.
- Software always assures all users have the up-to-date login variant; if you need to respond quickly to password changes, everyone’s on the same page.
- Some management software can track password usage behavior. This allows you to identify unusual login behavior, such as multiple incorrect login attempts on a device/and or browser.
- Passwords are kept in one place, versus spread out among users where they can potentially be leaked/stolen.
Deploying a Password Strategy
Even with all the methods and recommendations you’ve read about, it won’t mean much if you don’t follow good password strategies. This is especially important in a business situation.
If your enterprise needs to tighten up on login security, then it’s recommended to follow the points we’ll list.
Password Security Tip 1:
Make sure each user utilizes complex passwords via the methods we’ve suggested. One weak login is all it takes to compromise internal security.
Password Security Tip 2:
Create a list of easy-to-follow guidelines visible to all staff members. This assures they’re “in the know” and have a procedure to follow.
Password Security Tip 3:
Speaking of procedures, have a backup plan in case a password is lost. In most cases, this falls under a BDR (backup and disaster recovery) umbrella, but you’ll want a unique approach for logins too. For instance, if a password is lost, the backup plan could call for an email to be sent to all staff recommending they immediately change logins.
Password Security Tip 4:
Have different logins for different platforms. Users might log in to their work-station, but also need a password for a certain kind of software. Though it’s arduous, this creates additional layers of protection.
Password Security Tip 5:
Enable two-factor authentication. This is a healthy modern solution to password concerns, as it means a device is required along with the login.
Once you establish these guidelines, you create a strong foundation for good password habits. Not only for an enterprise but on a personal level too.
Cybersecurity is a growing concern and there are many aspects of it to consider. However, one of the easiest ways to immediately improve security is via complex passwords which are both easy to remember and manage. By doing so, you thwart a variety of common threats and keep your account and personal information safe, while also developing good habits for other security concerns.
Join The Executech Newsletter And Get:
Critical Updates on Cyberattacks & Digital Threats
Breaking Tech News
Exclusive Business Tips
Expert Opinions & Insights