It’s important to keep your accounts and information safe from cyber attacks and maintain healthy cybersecurity compliance. The first line of defense is strong, long and complex passwords.
Hackers have sophisticated password-cracking tools to try and break into your accounts, but their best method is usually via brute force. This is when they test thousands of password and username combinations.
It’s crucial to take preventative measures to safeguard your personal, business and financial information, or hackers can commit identity fraud, sell your data to other cyber criminals, empty your bank account or worse.
You shouldn’t reuse passwords for multiple accounts, especially for business and personal accounts. If hackers access one password, they potentially gain access to all accounts with that same password, including email, social media, banking and more. Even though 84% of the world reuses passwords, you should instead create a different password for each account.
We know it’s hard to create a new password for each account (the average person has 100 passwords), and password fatigue is an exhausting reality, but it’ll save you in the long run. When hackers attempt credential stuffing, which is when they try stolen credentials across multiple accounts, you can easily deter them by having a new password for each account.
Keeping your passwords the same increases the chances that someone will guess them eventually. You should change them regularly but not to the point where you will forget them. We recommend you change them at least every three months. However, if you are the victim of a cyber attack or hack, you should change your password immediately. When you do change it, don’t change only one character, like a “2” to a “3” – create an entirely new password that has nothing to do with the compromised one.
Did you know that “password” and “123456” are the most common passwords, followed by “111111” or “abc123”? These obvious and simple passwords offer no protection and should be avoided. Also, don’t use passwords from memorable keyboard paths, like “qwerty” or “asdfgh.”
Instead, create a password that no one will guess. Your password should be longer than one word followed by a number or exclamation point – it should be a passphrase with multiple words that is long but easy to remember for you. Your password should also contain a mixture of complex characters, including numbers, special symbols (!, @, #, $, %, &) and both uppercase and lowercase letters.
When creating your password, don’t use words found in the dictionary. Hackers’ tools try thousands of common words when guessing passwords. Misspelling the words in a password makes it harder to crack. You can also replace letters with numbers or symbols for extra protection. For example, “eggs” could be “3ggz” or “short” could be “$h0rt.”
Speaking of characters, avoid short passwords, as they are easy to guess. Length matters more than complexity. We recommend at least 19 characters to thwart hackers. You can test your password with online testing tools, such as passwordmonster.com.
Avoid creating passwords riddled with personally identifiable information (PII) that can be easily found online. This includes:
Your password should have random words. Some like using their favorite line from a book or movie as their password; others just string together random words, like a color, toy and shoe.
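The rules above can be checked offline before a password is accepted. The following Python is an added example, not code from this article's author; the function names, the substitution map, the edit-distance threshold of two and the caller-supplied `personal_terms` list are assumptions.

```python
import re

# Thresholds and word lists below are the ones the article itself names.
MIN_LENGTH = 19
COMMON = ("password", "123456", "111111", "abc123")
KEYBOARD_PATHS = ("qwerty", "asdfgh")
# Undo simple substitutions such as "$h0rt" before matching (mapping is an assumption).
LEET = str.maketrans({"3": "e", "0": "o", "$": "s", "@": "a", "1": "l", "!": "i"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")  # last one: any symbol


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(password, personal_terms=(), old_password=None):
    """Return the rules `password` breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))

    def contains(term):
        return any(term in v for v in variants)

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 19 characters")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing a character class")
    if any(contains(c) for c in COMMON):
        problems.append("contains a common password")
    if any(contains(k) for k in KEYBOARD_PATHS):
        problems.append("contains a keyboard path")
    # personal_terms is supplied by the caller (names, dates, pets and so on).
    if any(contains(t.lower()) for t in personal_terms if len(t) >= 3):
        problems.append("contains personal information")
    # Assumed threshold: two or fewer edits counts as "only changed a character".
    if old_password is not None and edit_distance(password, old_password) <= 2:
        problems.append("too close to the previous password")
    return problems
```

Calling `check_password("P@ssw0rd-P@ssw0rd-2024!")` returns `["contains a common password"]`: the length and character-mix rules pass, but the substitutions do not hide the underlying word.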
This might sound obvious, but you’d be surprised. If you write down your passwords or share them, then someone can easily find them and access your account.
Use a password manager, an encrypted software tool that helps create strong, random passwords and stores them for your various accounts. Password managers automatically log you in when you go to a site, which can protect against phishing attempts; if you’re taken to a website where your information isn’t filled in automatically, odds are you’re at a phishing site.
At Thriveon, we understand the importance of keeping your data safe from cyber criminals. That’s why our cybersecurity services are about protecting your business and empowering your staff while maintaining cybersecurity compliance.