You’ve heard it many times and have seen it suggested more: choose a strong password! But it is easier said than done, especially when you have so many different strong passwords to keep track of.
It can certainly be tempting to select one simple password for everything. However, this is the worst thing you can do! And not only does that endanger your privacy, data, and identity, but did you know that it also endangers those adjacent to your services?
As you can imagine, there are institutions that set password guidelines for industry adherence. When you put all of the standards together, there are some stand-out rules. We have compiled six of our favorites that should keep you and your data safe.
1 The Best Passwords Are At Least 10 Characters Long
Don’t worry, you won’t need a thousand words to create a secure password. However, it does need to be at least 10 characters long, ideally around 18. This will help to ward off the brute force attacks used to guess passwords and crack into user accounts.
Brute force attacks are aggressive, persistent attempts by cybercriminals to access password-protected accounts. There are several types of brute force attacks, but in general, they make use of programs that run through all possible permutations and combinations of letters, numbers, and symbols until a correct match is made and an account is breached.
When you crunch the current data on these brute force methods, the takeaway is that a password needs to be as long as possible to make it virtually impossible for a program to guess it in this lifetime.
Takeaway: Passwords should be 10-20+ characters long, with numbers, symbols, and uppercase and lowercase letters.
2 Change Passwords Once a Year. Minimum.
When you see how brute force attacks work over time, taking increasing CPU power into account, you can intuitively deduce that a password needs to be changed regularly. As technology becomes quicker, these programs run faster and achieve their malicious goals sooner.
While you could technically keep a complex 18-character password for a lifetime by today’s standards, technology speeds up exponentially. Best practices could change in a few months or overnight. Record the date that you change your passwords and schedule a reminder a year down the line or sooner if you’re feeling ambitious!
Takeaway: Change your passwords every year.
3 Never Reuse Passwords
Data leaks often consolidate millions of usernames and login credentials that are made available to cybercriminals for purchase. These data dumps remain available forever, just like anything that is put on the internet.
For this reason, it is best that you never reuse a password, as it could come back to haunt you years down the line. This means that you shouldn’t reuse your 2017 Gmail account password as your 2018 Twitter password. This also means that you shouldn’t use the same password, no matter how long or varied, for more than one account.
Takeaway: Every account needs a unique password that should never be used again once changed.
4 Don’t Use Real Words or Personal Information
It might seem intuitive and safe to make easy-to-remember passwords out of birthdays, names, and numbers that have personal meaning to you. However, chances are that this information is out there for the taking, even if you think you’re careful about how much personal data you have on the internet.
These days, Facebook displays our birthdays for public viewing if we don’t remember to review our privacy settings. Even if you do toggle the display off, the wall posts of your friends wishing you happy birthday can still be accessible, even when deleted! Never make any assumptions about what information can be accessed online. If you have posted something private, even when it has been deleted, it can still be accessed. Create a password with the uncomfortable assumption that the guesser knows everything about you because they just might.
Takeaway: Keep passwords random and keep personal information out of them. Assume that the guesser knows everything about you.
5 Account Compromised? Change Passwords Immediately
Data breaches are now commonplace and even the most security-conscious companies are not immune. If you are informed that you are part of a data breach, ensure that you change your passwords immediately. You should take the same precaution if you receive a notification from one of your accounts, Facebook, for instance, notifying you of unsuccessful login attempts on your account. This is a common occurrence after data leaks, as cybercriminals attempt to match your leaked credentials with a guessed password.
Because brute force attacks usually make attempts across all accounts where your email has existing credentials, you should change all of your passwords during these compromises. Yes, this is a massive annoyance and inconvenience, but it is a safety precaution that should set your mind at ease once accomplished.
Takeaway: Take immediate action and change your passwords in response to suspicious events that endanger your accounts or data.
6 Set up 2FA Now!
Yup, another pain in the neck, but well worth it: Two Factor Authentication, referred to as 2FA. When you create accounts, this is often an option you can put off, but don’t. This additional layer of online protection ensures that only you can access your account. The 2FA process draws on the three common authentication factors: something that you ‘are’, ‘know’, and ‘have’. We are big fans of using your mobile phone or personal email (or both) to receive login alerts and to require 2FA.
Takeaway: Implement 2FA as soon as you’re prompted to. Don’t put off your online security!
Important Password Tips To Keep You Safe
So, to review the takeaways to keep your data safe with optimal passwords:
- Passwords should be 10-20+ characters long, with numbers, symbols, and uppercase and lowercase letters.
- Change your passwords every year.
- Every account needs a unique password that should never be used again once changed.
- Keep passwords random and keep personal information out of them. Assume that the guesser knows everything about you.
- Take immediate action and change your passwords in response to suspicious events that endanger your accounts or data.
- Implement 2FA as soon as you’re prompted to. Don’t put off your online security!
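As an added example (not code from the original post), here is a small Python checker that applies rules 1 to 4 above to a candidate password and estimates how long exhaustive guessing of its keyspace would take. The guess rate, the personal-information list and the SHA-256 fingerprint used for the reuse history are illustrative assumptions, not anything the post specifies.

```python
import hashlib
import string

MIN_LENGTH = 10      # rule 1: at least 10 characters (18 is the recommended target)
MAX_AGE_DAYS = 365   # rule 2: change at least once a year
FULL_CHARSET = 26 + 26 + 10 + len(string.punctuation)  # lower, upper, digit, symbol


def charset_size(password: str) -> int:
    """Size of the pool an attacker must search, based on the classes present (rule 1)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII symbols
    return size


def brute_force_years(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to try every combination; 1e10 guesses/s is an assumed rate."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / guesses_per_second / (365 * 24 * 3600)


def password_fingerprint(password: str) -> str:
    """Fingerprint for the reuse history (assumption: SHA-256 hex; real systems
    should keep password history under a slow, salted password hash)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password: str, personal_info: list, previous_fingerprints: set,
                   age_days: int) -> list:
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("rule 1: shorter than 10 characters")
    if charset_size(password) < FULL_CHARSET:
        problems.append("rule 1: missing a character class (upper, lower, digit, symbol)")
    if age_days > MAX_AGE_DAYS:
        problems.append("rule 2: older than one year")
    if password_fingerprint(password) in previous_fingerprints:
        problems.append("rule 3: password was used before")
    lowered = password.lower()
    for item in personal_info:  # rule 4: assume the guesser knows these values
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"rule 4: contains personal information '{item}'")
    return problems
```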
At Smartweb Canada, we host our clients’ websites on our dedicated server for extra protection and surveillance. Needless to say, we care a lot about online security.
You can get in touch and chat with us about online security and website maintenance anytime!