Making complex passwords that are also easy to remember is difficult, and even the most diligent among us occasionally make mistakes.
Unfortunately, when security failures grow in size and frequency, the stakes rise. There is more potential for theft when there are more apps, accounts, and passwords.
Yet human nature never changes: the most popular password worldwide is “123456.”
According to JD Sherman, CEO of the password manager business Dashlane, “You have to laugh to keep from crying.”
In a “stuffing” attack, once your password has been compromised, hackers attempt it on many websites and services in an effort to get access to more accounts. Reusing passwords or choosing risky options like “solarwinds123” leaves you—and frequently your place of business—more exposed. However, that does not imply that the entire password drama is merited.
The majority of consumers have more than 200 accounts that require passwords, according to data from Dashlane.
Consumers currently use far too many passwords, according to Josh Yavor, chief information security officer of cybersecurity firm Tessian. If you consider all the many places you must log in, the number is simply too great for anyone to be able to remember every single password and act correctly each and every time.
We’ll most likely abandon passwords in favor of a safer solution at some point. For instance, Google announced Wednesday that you may now log in to multiple Google accounts using the passkeys on your mobile device, such as a fingerprint scanner or FaceID on iPhones. Until the day when passwords are no longer necessary, here are six simple steps you can take to safeguard yourself:
Quit reusing passwords.
If you take just one action to make your accounts more secure, retire your go-to passwords and create new ones.
Reusing passwords on several accounts reduces the security of all of them. For instance, if your Netflix and Chase Mobile passwords are the same, a Netflix data breach might put your bank account at risk. This also applies to passwords like “oaktr33-hulu” and “oaktr33-hbo,” which are nearly identical, with only minor variations that could easily be reverse engineered.
While working as a penetration tester for businesses, helping them uncover and eliminate avenues hackers could use to break in, Yavor once acquired access to 20,000 corporate accounts in less than an hour by simply entering the default password the accounts came with, he claimed.
Make your passwords challenging to crack
You shouldn’t use personal information in your passwords. You might believe that nobody could possibly guess the name of your child or pet, yet all it takes is a quick trip to LinkedIn or Instagram to find out. Instead, use a password generator or another method to choose truly random word and number combinations or passphrases.
The same topics frequently come to people’s minds when they are forced to think up a password on the spot. According to Tessian, 21% of people use recognizable cues, such as their favorite sports teams or birthdays. According to a Microsoft survey, 15% of people use their dogs’ names. Therefore, it is best to stay away from passwords that have any genuine meaning.
Make sure to include plenty of numbers, letters, and other symbols as needed. Make them lengthy (more than 12 characters). According to Microsoft, passwords with fewer than 10 characters account for 96% of password-related cyberattacks, and passwords with fewer than six characters account for 76%.
Sherman said that creating passwords is like leaving your car in a mall parking lot. The majority of robbers only look for unlocked doors and downed windows.
Stay away from these passwords
123456. Easy to guess also means simple to remember.
Password. This is self-evident.
Password123. Nice attempt, but unsuccessful.
Qwerty. Change up the letter combinations you try, then include some numbers and symbols.
Names of pets. Try using some special symbols to create a new word by fusing the names of your pets.
Names of children. Same as with animals. (But typically less hairy.)
Favorite teams. There are only so many professional sports teams, so this is a frequent occurrence.
Birthdays. Try adding some symbols and letters to a date that has no importance.
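The checks described in this section, together with the earlier warning about near-identical passwords such as “oaktr33-hulu” and “oaktr33-hbo,” can be run over your own exported password list. This is an added example, not part of the original article; the sample vault, the personal terms and the 0.7 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# The article's "stay away" list, lowercased for comparison.
COMMON = {"123456", "password", "password123", "qwerty"}
# Undo simple character swaps so "oaktr33" reads as "oaktree".
LEET = str.maketrans("013457@$", "oieastas")

def normalize(pw):
    return pw.lower().translate(LEET)

def audit(vault, personal_terms=(), min_length=13, similarity=0.7):
    """Return {account: [findings]} for a dict mapping account -> password."""
    findings = {account: [] for account in vault}
    for account, pw in vault.items():
        if len(pw) < min_length:          # the article asks for more than 12
            findings[account].append("too short")
        if pw.lower() in COMMON:
            findings[account].append("common password")
        for term in personal_terms:       # pet names, birthdays, teams...
            t = term.lower()
            if t in pw.lower() or t in normalize(pw):
                findings[account].append(f"contains personal term '{term}'")
    # Compare every pair of accounts for exact or near-identical passwords.
    for (a, pa), (b, pb) in combinations(vault.items(), 2):
        ratio = SequenceMatcher(None, normalize(pa), normalize(pb)).ratio()
        if pa == pb:
            note = "reused"
        elif ratio >= similarity:
            note = "near-duplicate"
        else:
            continue
        findings[a].append(f"{note} with {b}")
        findings[b].append(f"{note} with {a}")
    return findings

# Constructed sample data (assumption): not real credentials.
SAMPLE_VAULT = {
    "hulu": "oaktr33-hulu",
    "hbo": "oaktr33-hbo",
    "bank": "Password123",
    "email": "Rex2015!",
    "forum": "plinth-Vortex-91-gazebo-quilt",
}
SAMPLE_PERSONAL = ["rex", "2015"]  # hypothetical pet name and birth year

if __name__ == "__main__":
    for account, notes in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "->", notes or "ok")
```

Run it locally on an export you control and delete the export afterwards; the list itself is as sensitive as the passwords in it.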
Verify whether your passwords have been disclosed.
An exposed password can be the motivation you need to improve your security procedures. If one of your stored passwords is involved in a breach, Apple tells you. On an iPhone, go to Settings > Passwords > Security Recommendations to change any passwords that put you at risk. Visit passwords.google.com to view the passwords you’ve permitted Google to save. Click “Check Passwords” under Password Checkup. (Note: I would suggest using a different method of password storage because it’s simple to leave yourself hooked into Google on someone else’s computer.)
You can find out how many data breaches included your email address or phone number by visiting the website Have I Been Pwned. Finally, password managers, which are programs that create, save, and automatically fill in complicated passwords, can also let you know when an account has been compromised.
Set up two-factor authentication
For important accounts like your bank or social media, passwords by themselves are no longer enough of a security measure. Additionally, you should enable two-factor authentication.
With two-factor authentication, a person must prove their identity in two separate ways before being granted access to an account. By turning on two-factor authentication, you stop hackers from getting in if they have only your username and password.
In the past, two-factor authentication meant a text message, sent to your phone, with a numerical code to enter. Knowing the code indicates that you have your phone, which gives the app or website confidence that you are who you say you are.
However, that technique exposes you to risk if someone steals your phone or tricks your cell provider. Spend a few seconds downloading an authenticator app if you want some extra credit for good password hygiene. These are connected to your accounts and ping you when someone tries to log in. The app then provides you with a second piece of information to confirm your identity and enable signing in. Authenticator apps from Google, Microsoft, Twilio, and ID.me are available for a variety of mobile devices. Simply enter “authenticator” into an app store’s search bar to download one of these.
Use a password manager.
Using a password manager can take care of all of your password security issues at once. Simply download the manager app (we suggest Dashlane and 1Password) to your smartphone or sign up on the manager’s website. A built-in manager such as Apple’s Keychain is another option. These programs will begin remembering the login credentials you use, generating complex passwords when you register for new websites, and automatically entering them into login fields. For quicker sign-ups and checkouts, you can even set it to remember your name, address, and credit card information.
You have two options for setup: turn on your preferred Spotify playlist and spend a few hours entering the passwords for the websites you frequent the most, or just get on with your day and let the system auto-save passwords as you use them.
According to Tessian’s Yavor, in a more sensible society, each person would only need to remember three passwords: those for their phone, email, and password manager. Keep those passwords in your memory for security, or utilize Dashlane’s new password-less alternative to access your account using a PIN or biometrics on your smartphone.
Be aware of the risks if you must save passwords somewhere else.
We all know the precious password notepad that usually sits next to a computer. The password list on the smartphone notes app is my mother’s favorite option, along with the password safe, password Google Doc, password-saved email draft, and others.
There isn’t much to gain if you decide to manage your passwords yourself rather than using a password manager, according to Yavor. Passwords can be written down in an analog notebook or on a piece of paper to prevent digital theft, but doing so increases the risk of the list being misplaced, stolen, or, as in his case, eaten by golden retrievers.
Of course, by keeping your passwords somewhere digital, you can protect them from dogs and other natural disasters. However, by doing so, you expose yourself to the risk of online theft.
Whatever you do, be aware of the risks involved and give a password manager some careful thought.