Whether we like it or not, passwords are the key to almost everything we do online, from dating apps and your bank to your M365 account. These days, with an account and a sign-in required for almost everything, good password management is essential for keeping your data and personal information safe.
In fact, research from NordPass suggests that the average person has around 100 passwords to remember. If you're anything like us, you're flat out remembering your neighbour's name, let alone the password to an account you created two years ago!
Thankfully, password management doesn't need to be difficult. We'll take you through some simple dos and don'ts of password management, and how you can make sure you stay safe online.
What makes a good password?
When it comes down to it, a good password should be two things:
- hard to guess; but
- easy to remember.
In other words, your password should be strong enough to resist guessing, but memorable enough that you are not racking your brain for it every time you log in.
Consider the following:
- Use a sentence or a phrase, like "unicornsliveinbrisbane". Several words strung together are far harder to guess than a single word, and easier to remember than a jumble of characters.
- Adding uppercase letters, numbers or symbols helps, like "Un1c0rnsliveinbRi5bAN3", but don't rely on the obvious swaps (0 for o, 1 for i, 5 for s): password-cracking tools apply those substitutions automatically, so they add far less strength than they appear to.
- Length matters more than complexity. Aim for at least 16 characters where possible, because every extra character multiplies the work an attacker has to do.
- Set up multi-factor authentication on your account, generally through a mobile phone app or a hardware token. MFA adds another layer of protection even if the password itself leaks; we'll touch on this later.
Common password mistakes
Let’s also look at some things you should always try to avoid when creating passwords.
- Revealing your password to others. While this may seem painfully obvious, never share your password with anyone else. Your password is as valuable as the PIN on your bank card, so keep it to yourself. Anyone who asks you to hand over your password, whether by email, phone call or message, should be treated as a scammer: legitimate services and IT staff never need it.
- Using the same password for everything. We're all guilty of this to a degree, but avoid using the same or similar password for all your accounts. When one site is breached, attackers take the leaked passwords and try them on every other service (so-called credential stuffing), so one reused password can hand over all your accounts at once. You're required to make passwords for almost everything these days, but keep them as unique as possible, especially the important ones!
- Using basic words followed by a number. Attackers are clever and have plenty of ways into your account. Often they will run through dictionaries of words and lists of commonly used passwords, with rules that capitalise the first letter, append a digit or two and swap letters for look-alike symbols. "Password1" and "P@ssw0rd!" are among the very first guesses tried; the days of "Password1" are well and truly behind us.
- Basing your password on public information. By this, we mean avoid using a password inspired by something people can find out about you on social media. For example, your children's names or birthdays, or "cricketlover95" when your Facebook profile is plastered with cricket content, are probably not the most discreet choices.
- Saving your passwords in a "secured with a password" Word or Excel document. This is extremely common and, for a short or dictionary-based password, frighteningly simple to crack, as we demonstrated recently with a client who'd lost access to this type of document. Once someone has a copy of the file they can try guesses against it offline, with no lockout or rate limit to slow them down: a modern PC with the right tools cracked that kind of password in around 4 days, and with a modern, high-end GPU it could be done within the hour.
Ultimately, if someone can guess your password, or already has a copy of it, it's a bad password.
Need some examples of what not to do? Here are the top 200 most used passwords from 2020.
The solution – password managers & multi-factor authentication
Understandably, most people cannot keep tabs on all the different passwords they have for various accounts. Unless you’re using the same or similar password for everything (not a good idea), it may feel like a nightmare trying to manage your plethora of login details.
While there are traditional password management methods (more on these below), today we have software that can do it for you.
So, for both individuals and businesses, we always recommend employing the use of a password manager, in conjunction with multi-factor authentication (MFA).
Password manager software
So – how on earth are you meant to remember tens (potentially hundreds) of different passwords you have scattered across the internet?
The answer is you don't! Using strong encryption, a password manager keeps all your passwords in one encrypted vault and can generate long, random passwords for new accounts. All you need to remember is the one master password that unlocks the vault, so make that one long, unique and never reused anywhere else.
One password’s easier to remember than 100 – right?
Our recommendation? LastPass is the password manager we recommend to our clients because it offers:
- support for most browsers and platforms
- a password strength report
- dark web monitoring
- secure password sharing
- password inheritance
- two-factor authentication
- free and premium versions.
Multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds an extra level of protection to the sign-in process. Generally, MFA is done through a phone application.
When you go to log in, you will also need to verify the login on your MFA application, either by approving a prompt or by entering a time-based, single-use passcode that changes every 30 seconds. Because the code depends on a secret that only your phone and the service share, a stolen password alone is not enough to get in.
MFA is a great way to boost security on all your important logins. Moreover, if you are thinking of using a password manager to store all your login details, we strongly recommend adding MFA protection.
What do we recommend? For us, we can't go past Microsoft Authenticator.
Microsoft Authenticator is a widely used, trusted MFA app: it generates time-based codes for any account that supports them and can approve sign-ins to your Microsoft account with a prompt on your phone. It is easy to download and set up, meaning you can get started with it today!
There are, however, plenty of alternatives out there. Spend some time doing your own research to find the best MFA solution for you or your organisation.
Traditional password management methods
Traditional methods of password management are the more analogue techniques that you may or may not still use.
These methods include things like:
- Writing passwords down on sticky notes, post-its, etc.
- Keeping a master spreadsheet of all passwords.
- Sharing them with your colleagues/family/friends over email or text.
- Repeatedly using the ‘forgot password’ option.
These techniques are, surprisingly, still common amongst businesses and individuals. Traditional techniques are, in general, far less secure than modern, digital methods: a spreadsheet or an email is stored in plain text, is copied around without anyone noticing, and is exactly what an intruder on the network goes looking for first.
Pros and cons of traditional password management techniques
Let's be real: the cons of traditional methods far outweigh the pros. Especially with things like sending passwords over email or keeping a spreadsheet saved locally, it is far better to keep your passwords in an encrypted digital vault.
In saying this, the only upside of keeping your passwords written down on paper is that a remote attacker can't reach a piece of paper. Unless, of course, you misplace it, or it falls into the wrong hands.
Ultimately, we strongly recommend that any individual or business consider securing their passwords through digital manager software.
Do you have any more questions on password management, or online security in general? Don’t hesitate to reach out to Monocera at firstname.lastname@example.org or by calling 07 3369 1415.
If you're looking for more online safety tips, why not check out our article on the Essential Eight baseline mitigation strategies, as recommended by the Australian Cyber Security Centre.