Managing passwords can be a challenging task, from creating hard-to-guess passwords to remembering them later. In today’s world, the stakes are higher than ever as security breaches become more frequent and disastrous. With the increasing number of apps, accounts, and passwords, the opportunities for theft have multiplied. Surprisingly, despite the risks involved, many people still use weak and easily guessable passwords. For instance, “123456” remains the most commonly used password worldwide, highlighting the need for improved password practices.
JD Sherman, the CEO of password manager company Dashlane, humorously remarked, “You have to laugh to keep from crying” when discussing the state of password security. Once a password is compromised in a data breach, hackers often attempt to use it on various sites and services, a technique known as a “stuffing” attack. Reusing passwords or employing easily guessable options like “solarwinds123” not only puts individuals at risk but also exposes their workplaces to vulnerabilities. However, it is important to note that the blame for these password-related issues should not solely fall on the users.
According to data from Dashlane, the average person has over 200 accounts that require passwords. Managing such a large number of passwords has become overwhelming, making it challenging to follow the best security practices consistently. While we await a password-free future where more secure solutions are in place, there are steps we can take today to protect ourselves.
Here are six essential practices to enhance your password security:
1. Stop reusing passwords: Retire your trusty go-to passwords and start afresh. Reusing passwords across multiple accounts weakens their security. If a data breach occurs on one platform, all your accounts with the same password become vulnerable. Avoid creating passwords that are merely slight variations of each other, as they can be easily reverse engineered.
2. Create strong, unpredictable passwords: Avoid using personal details in your passwords, as information from your life can be easily obtained from social media platforms. Instead, leverage password generators or other techniques to create truly random combinations of words, numbers, and symbols. The longer and more complex your password, the harder it is to crack. Microsoft reports that 96 percent of password-related cyberattacks involve passwords with fewer than 10 characters, and 76 percent involve passwords with fewer than six characters.
3. Steer clear of commonly used passwords: Certain passwords are alarmingly common and easily guessed by hackers. Avoid using passwords like “123456,” “password,” “qwerty,” or obvious choices like pets’ names, kids’ names, favorite teams, or birthdays. Instead, combine multiple words or create unique phrases with the addition of special symbols.
4. Check for password exposure: Stay informed about potential security breaches that may have exposed your passwords. Platforms like Apple and Have I Been Pwned notify users if their saved passwords have been compromised. Take the necessary steps to change compromised passwords promptly. Password managers can also help identify compromised accounts.
5. Enable two-factor authentication: Passwords alone are no longer sufficient for securing sensitive accounts. Two-factor authentication adds an extra layer of security by requiring users to authenticate their identity through two different methods. Traditional methods involve receiving a numeric code via text message, but authenticator apps are becoming more popular. These apps connect to your accounts and provide a secondary authentication factor, such as a unique code, to verify your identity.
6. Use a password manager: Password managers can address many password security challenges in one solution. Apps like Dashlane and 1Password generate, store, and automatically fill in strong, hard-to-guess passwords. They can also save additional information like personal details and credit card information, streamlining the sign-up and checkout processes. Alternatively, built-in password managers like Apple’s Keychain can also be utilized. These tools securely store your passwords and offer convenient autofill features.
Setting up a password manager is a straightforward process. You can either download the manager app onto your mobile device or sign up on the manager’s website. Once installed, the password manager begins saving the passwords you use for various websites and applications. It also generates strong and unique passwords when you sign up for new accounts and automatically fills them in during logins. Some password managers even provide features to store additional information, such as your name, address, and credit card details, further streamlining your online experiences.
In an ideal world, password management would be simplified to just three passwords: your phone password, email password, and password manager password. Memorizing these three crucial passwords or utilizing features like Dashlane‘s password-less option, which allows unlocking accounts with a PIN or biometrics, can enhance security.
However, if you choose to store passwords independently without a password manager, it’s essential to understand the risks involved. Traditional methods include writing passwords in an analog notebook or on a slip of paper. While this approach avoids digital theft, the physical list can be easily lost, stolen, or damaged. Another popular method is storing passwords digitally, such as in a password-protected document or a note on your smartphone. Although this approach offers convenience, it exposes you to potential cybertheft if unauthorized individuals gain access to your device or accounts.
Regardless of the method you choose, it’s crucial to be aware of the risks and weigh the trade-offs. Password managers provide a comprehensive solution for password security, but if you opt for alternative storage methods, ensure you take appropriate precautions.
In conclusion, effectively managing your passwords is vital in today’s digital landscape. By following these recommended practices, such as avoiding password reuse, creating strong and unpredictable passwords, enabling two-factor authentication, and utilizing password managers, you can significantly enhance your online security. Remember, password security is a shared responsibility between users and service providers. Stay vigilant, regularly update your passwords, and adapt to evolving security practices to safeguard your valuable information in an increasingly connected world.