Our passwords hold the keys to our digital lives. We use them to access bank accounts, medical records, private conversations and more. They may be easy to remember, and sometimes funny, but bad passwords (like the most common passwords of last year) aren’t as secure as they should be, and put users at risk. The problem is that simple, common passwords like these are easy for cybercriminals to guess. This year’s World Password Day is all about sharing password security tips, and helping each other best secure our online accounts. Even Betty White is in on the action with her Password Pep Talks. But more on that later. Let me start things off by sharing some must-know password best practices.
Avoid Using Easy-to-Guess Logins
Long, unique passwords can be hard to remember. While many users make their passwords short and clever for this reason, these types of logins are fairly easy to guess. Cybercriminals often reference the most common password combinations as their first login-guessing tool. Simple keyboard patterns like qwerty or 12345678 are as insecure as passwords like welcome or login.
Forget Using Universal Passwords
We all have too many passwords in our lives. From online banking to shopping to email, we all have countless accounts to keep track of. You might want to use the same password for all of them. But don’t make this mistake. If your data is leaked from one source, you don’t want to give away the master key to all of your online services. Use different passwords everywhere you go, period.
Understand That Personal Details Are Public
Important dates, facts, habits and preferences from your life are just a Google search away. Whether we like to admit it or not, those specifics can play a role when we generate passwords. That’s why cybercriminals will try variations based on certain personal details when they try to brute-force accounts. Place of birth? Favorite food? An important anniversary date? Easily found on the Internet.
Most of this information is available on social media or other popular places online. That’s because we leave a digital trail for almost everything we do. When data isn’t easy to obtain, cybercriminals have other methods to resort to. Techniques like social engineering — where cybercriminals disguise themselves as friends, family or figures of authority to trick a user into taking a certain action online — are powerful, and can easily trick us into giving up personal, sensitive information.
Consider Biometric Security
Many phones today have thumbprint scanners (think Apple’s Touch ID). Voice recognition technologies are advancing, too. We’re rapidly entering an age where we can use our own bodies to verify our identities. While it’s certainly convenient, biometric security may not replace all of our passwords. But it will serve as another layer of security when authenticating into devices, confirming that we are who we say we are.
Basics Are the Basics for Good Reason
At the end of the day, there are certain password best practices that everyone should follow. Use these rules today and immediately improve your security posture.
- Make strong, complex passwords. For starters, long ones are always better than short ones. Make sure to include numbers, lowercase and uppercase letters, as well as symbols. The more complex it is, the harder it will be for cybercriminals to crack the code.
- Regular maintenance is key. Even if you have great passwords, it’s still a good idea to regularly check in on your account security. If you hear of a data breach, take the time to make sure your information hasn’t been compromised. Change passwords regularly—and don’t just make a small edit to the existing one. Make sure every password you create is as unique as the last.
- Use a password manager. We all know the password struggle too well. Look to a password management solution, like True Key to generate secure, complex logins for your accounts and store them for you. You’ll never have to remember a password again—how do you like that?
- Use Multi-Factor Authentication. Anytime you can require multiple login-steps to access a device, take advantage of it. This makes a huge difference in terms of your account security. A complex password plus text message confirmation? A PIN plus a fingerprint? These are great security features, and are even stronger when paired.
Strong password practices are key to securing your digital life. But you don’t have to take my word for it—you can listen to Password Pep Talks from the one and only Betty White, at passwordday.org. If you’d like to join the #PasswordDay conversation, don’t miss the World Password Day Twitter Chat today, at 12pm PST. Just use #ChatSTC to hop in.
And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Family on Twitter, and ‘Like’ us on Facebook.