
The Ins and Outs of Password Security

By Ron Shuck

It seems like every time I turn around I need to enter a password for something. You too? Well, we are not alone. In the U.S. the average email address is associated with 130 accounts, according to a survey by Dashlane [1]. Then the challenge becomes remembering your password. So how do you create a strong password and remember it? (It seems like that should be simple, right?!) I’ve got some tips to hopefully make your life online a little easier and more secure!

1. Create a solid password

Passwords are created to prevent people from accessing, and in some cases stealing, your personal information. So how do you keep your personal info on lock? Strong passwords depend on two things: complexity and length.

Avoid dictionary words

Stay away from dictionary words or a combination of them. Any word on its own is a bad password and can be cracked quickly with a wordlist. It’s best to avoid common quotes, and words or phrases that could be easily guessed [2].

Use numbers, symbols, capital letters and lower-case letters

Using a mix of different types of characters makes a password harder to crack. For example: t6Y$lg*bF is very complex, but who can remember something like that?

Instead, use a phrase like this: I really hate to change My password every 10 days$. Even though this has dictionary words, which is not a good idea for short passwords, it is great for long passwords. I could remember this, and it has all the components that are typically required for a password: upper and lower case letters, numbers and symbols [2, 3].

Use at least 12 characters

The longer the password, the more difficult it is for the bad guys to guess or brute-force it. This is another place where using a phrase can be useful.

Avoid personal information

Remember that playing fun games on social media may let hackers know more about you than you would expect. FBI.gov reported that many of those games ask for personal info that could lead hackers to discover passwords and codes that were created using your address, mother’s maiden name, high school mascot, first pet’s name and other personal information.
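The four rules above (no short dictionary-based passwords, a mix of character classes, at least 12 characters, no personal details) can be turned into a small checker. The following is an added example, not code from the article or from any product it mentions: it scores the two passwords discussed above and two constructed weak ones. The brute-force estimate is log2(pool_size ^ length), an upper bound that is fair for random strings but overstates a short password built from a dictionary word, which is why the dictionary check exists separately. The COMMON_WORDS list and the personal_info values are constructed stand-ins; a real checker would load a large wordlist.

```python
import math
import re

# Constructed stand-in for a real wordlist; a production checker would load a
# large list (the kind password-cracking tools ship with).
COMMON_WORDS = {"password", "welcome", "summer", "winter", "letmein",
                "qwerty", "monkey", "dragon", "football", "iloveyou"}

# Character classes and the pool size each adds for an attacker who knows
# which classes are present (33 = printable ASCII punctuation plus space).
CLASSES = {
    "lower":  (re.compile(r"[a-z]"), 26),
    "upper":  (re.compile(r"[A-Z]"), 26),
    "digit":  (re.compile(r"[0-9]"), 10),
    "symbol": (re.compile(r"[^A-Za-z0-9]"), 33),
}
MIN_LENGTH = 12
MIN_CLASSES = 3


def char_classes(pw):
    """Names of the character classes actually used in pw."""
    return {name for name, (rx, _) in CLASSES.items() if rx.search(pw)}


def bruteforce_bits(pw):
    """Upper bound on guessing work: log2(pool_size ** length).

    This is only an upper bound. A password built from dictionary words is
    found far faster than this number suggests, hence the separate word check.
    """
    pool = sum(CLASSES[name][1] for name in char_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def tokens(pw):
    """Alphabetic words and digit runs, lower-cased: 'Fluffy1987!' -> ['fluffy', '1987']."""
    return [t.lower() for t in re.findall(r"[A-Za-z]+|[0-9]+", pw)]


def assess(pw, personal_info=()):
    """Return (estimated bits, list of problems).

    personal_info is a caller-supplied list of strings that should never
    appear in a password (pet name, birth year, street, school mascot ...).
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    used = char_classes(pw)
    if len(used) < MIN_CLASSES:
        problems.append(f"uses only {len(used)} character class(es)")
    words = tokens(pw)
    # A dictionary word only matters when the password is short enough that a
    # wordlist plus a few tacked-on digits or symbols would find it; the long
    # phrase from the article contains "password" and is still fine.
    if len(pw) < MIN_LENGTH and any(w in COMMON_WORDS for w in words):
        problems.append("short password built from a common word")
    personal = {p.lower() for p in personal_info}
    if any(w in personal for w in words):
        problems.append("contains personal information")
    return round(bruteforce_bits(pw), 1), problems


if __name__ == "__main__":
    # Constructed samples: the two from the article plus two typical weak ones.
    samples = ["t6Y$lg*bF",
               "I really hate to change My password every 10 days$",
               "Summer2019!",
               "Fluffy1987!"]
    for s in samples:
        bits, problems = assess(s, personal_info=["Fluffy", "1987"])
        print(f"{s!r}: ~{bits} bits, {problems or 'no problems found'}")
```

Running it shows the article's point in numbers: the hard-to-remember t6Y$lg*bF lands near 59 bits and is flagged as too short, while the memorable 50-character phrase lands above 300 bits with nothing flagged, even though it contains the word "password".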

2. Use a different password for each account

I like to think of passwords like keys. While it’d be great to have one key that unlocked your house, car, safe deposit box, work and so on, it’d be very bad if someone got your key. Think of the access they would have!

A good rule of thumb is that each system or account should have a different password. This is because even if your password-creating skills are awesome, systems can be more easily hacked than you might think [3]. We can’t just go with the convenient way out. As most of us live on our smartphones, we’re finding more ways to make our lives easier. With the rise of smart homes and controlling them with our phones, if those home apps were hacked we could lose control of not just our information, but literally the keys to our homes. A cyber-burglar could take over your smart lock, smart lights, security camera, thermostat and more.

Here are some different types of systems to think about that could be vulnerable without a secure password:

  • Home thermostats, lights, and smart hubs
  • Video chats
  • Email and social media accounts
  • Cloud storage like Google Drive
  • Shopping accounts like Amazon
  • Banking, credit card, and financial accounts
  • Entertainment accounts and subscriptions like Hulu or Netflix
  • Medical devices and health records
  • Smart cars
  • Smart home locks
  • Kids toys and personal devices

3. Use a password manager

A password manager is like a safe for all of your accounts and associated passwords. I have almost 400 accounts and passwords. There is no way I could remember even a fraction of those. A password manager allows me to have really long, complex passwords for all my accounts, and I only have to remember one really strong one to get access to my password manager. Password managers are a great tool, but you must be very careful to protect it because it becomes that one key for everything.

I recommend these password manager apps, but make sure you use multi-factor verification with them:

  • LastPass for Android or Apple – LastPass offers a free version to manage your passwords and allows you to sync across desktop, mobile and browsers.
  • Dashlane for Android or Apple – Dashlane offers a free version that allows you to manage up to 50 passwords.

4. Use two-factor authentication (2FA)

If you want to take things a step further you can add an extra layer of protection with two-factor authentication, or two-step verification, if it’s available. To put it simply, this means that in order to log in you’ll need to provide something in addition to your password. This could be a code sent by text to your phone, a phone call, a security key, a backup code, or a biometric scan of your fingerprint or face. Many phones and apps already have these options, such as:

  • Apple’s Face ID
  • Windows Hello
  • Facebook Two-Factor Authentication
  • Instagram Two-Factor Authentication
  • WhatsApp Two-Step Verification

Do your best not to get hacked

Our guidelines to protect your personal info are legit advice. Remember that personal information, simple passwords, and using the same password for everything are no-go’s. Make it difficult for hackers by creating long, complicated passwords for every account, using multi-factor authentication when possible, and investing in a password manager if needed. Security is a journey, not a destination. So, educate yourself and start your journey towards better password security.

Sources:

[1] Lord, N. (2018, December 14). Uncovering Password Habits: Are Users’ Password Security Habits Improving? Retrieved from Data Insider: https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

[2] Krebs, B. (n.d.). Password Do’s and Don’ts. Retrieved from Krebs on Security: https://krebsonsecurity.com/password-dos-and-donts/

[3] CISA. (2019, November 18). Security Tips (ST04-002). Choosing and Protecting Passwords. Retrieved from CISA: https://www.us-cert.gov/ncas/tips/ST04-002

About the author
As CURO's Vice President of Information Security, internet security and safety is my jam. With over 23 years of experience in information protection and over 35 years IT and management experience, I know more than a thing or two about these paramount subjects. I received my Bachelor of Science summa cum laude in Computer Science from Wichita State and my master's degree in Business Administration from Friends University. I've earned numerous professional-level security certifications because that's the kind of thing I geek out on. I'm the founding and current president of the Central Plains Chapter of the Information Systems Security Association. Outside of the InfoSec game, I enjoy playing golf and guitar.
