The Guide for Creating a Strong Password
The importance of strong passwords for online security
Would you agree that passwords play a pretty important role in the safety of your business assets?
Passwords safeguard your computers, bank balances, e-commerce website, 401K savings, health records, private documents such as photos, videos, writings, business papers, investments, trade secrets, intellectual property, and plenty of other critical assets.
In short, passwords protect an ever-growing stock of sensitive information.
Needless to say, you should use smart passwords to protect your online assets from cyber danger.
Passwords Safeguard Your Life and Business
Will your business online accounts be safe from cracking algorithms?
Common mistakes people make when creating passwords
The human brain has a hard time coming up with the countless different and inventive passwords one needs to use the Internet nowadays.
It’s challenging to create passwords using a new random string of characters each time, let alone expect you and your team to remember all of them by heart.
Still, it’s a good idea not to make these mistakes when creating and using passwords. They will put your personal and business assets in a vulnerable position:
1. Using Data that Identifies You
It is not a good idea to set passwords based on personal information such as your birthday, anniversary dates, the names of your loved ones, or even your favorite sports team that happens to be posted on your Facebook or LinkedIn profile.
Millions of Personally Identifiable Information (PII) records have already been leaked from major sites such as Equifax, LinkedIn, Marriott, Target, AT&T, and more, and they have been made public on the Dark Web for cybercriminals to abuse.
This puts your online accounts at significant risk of being breached by automated tools that use the leaked PII in their cracking algorithms.
2. Reusing Passwords
And think twice about using the same password across multiple accounts, please!
Yes, it is convenient to have one password for everything. But if one account gets compromised in a data breach, all your other accounts become vulnerable immediately. Most cyber-attacks are automated, so sending a hacker bot to probe other accounts is easy once one password is known.
Wouldn’t it be preferable to have unique passwords, reducing at least some of the risk of your business accounts being breached?
The good news is you can enlist the help of a password manager to effortlessly remember those countless long, strong, and unique passwords. (More about password managers below.)
3. Using Patterns or Common Passwords
Patterns might have worked well in the 90s and even 2000s, but not anymore. After considerable data breaches, all those passwords are now public knowledge and are readily available for cracking algorithms.
Here’s a list of the 20 most common passwords analyzed by NordPass and published by the World Economic Forum. If you’re using any of these, change it immediately. It will be cracked in less than one second:
1. 123456
2. admin
3. 12345678
4. 123456789
5. 1234
6. 12345
7. password
8. 123
9. Aa123456
10. 1234567890
11. UNKNOWN
12. 1234567
13. 123123
14. 111111
15. Password
16. 12345678910
17. 000000
18. Admin123
19. ********
20. user
4. Storing Your Passwords in Plain Sight
Writing passwords down in a text file or Excel sheet on your computer, or in a Google Doc or GSheet, is unsafe.
Writing passwords down on paper or posting them on sticky notes on your monitor for everyone to see is unsafe, too.
You could write them on paper if you keep them in a safe or a cabinet under lock and key. This approach would be okay for critical accounts you seldom access. Otherwise, it isn’t practical or sustainable. You or your team would soon quit all good intentions if you had to unlock the cabinet multiple times daily to access your passwords.
5. Your Team Uses Unsafe Sharing Practices
Having your team pass around pieces of paper, copy-paste, or snap photos of passwords to text or email each other is unsafe. Not only does it hurt your team’s productivity, but it makes your business vulnerable to cyber threats.
6. Storing Passwords on Your Browser
The major web browsers like Chrome, Edge, and Firefox prompt you to save passwords there. It is convenient, but unfortunately, it is a terrible safekeeping idea for these reasons:
- Web browsers are not designed to keep your data locked securely. They’re designed for, well, browsing the web. Your passwords will be vulnerable and much too exposed to the very thing they’re to be protected from.
- A browser is vulnerable to hijacking. When browsers sync bookmarks, browser sessions, extensions, and passwords across your devices, they do so through the cloud. This makes it easier for anyone to get inside your accounts using a different computer and access your passwords.
- A browser does not let your team access passwords for shared online accounts in a secure way.
How to Create a Strong Password
Now that you’ve read about the importance of strong passwords and the common mistakes to avoid, let’s learn simple and practical tips for creating robust passwords:
Example of a Strong Password
A strong password has all three elements: it is a long string, it mixes character types, and it is unique per account.
A password must consist of at least 13 characters, including numbers, upper- and lowercase letters, and symbols, to be in the green.
Image reposted with permission of Hive Systems.
To come up with excellent passwords that will take billions of years or longer to crack, even with super-duper hardware, use a trusted password generator.
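What a generator does under the hood, together with a check of the rules above, as an added example that is not from the original article or from any password manager. The function names and the symbol set are assumptions, and the short common-password set is copied from the article's list.

```python
import secrets
import string

# Rules from the article: at least 13 characters, mixing numbers,
# upper- and lowercase letters, and symbols.
MIN_LENGTH = 13
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed set; sites differ on what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CHECKS = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "digit": str.isdigit,
    "symbol": lambda ch: not ch.isalnum(),
}
# A few entries copied from the article's list of most common passwords.
COMMON = {"123456", "admin", "password", "Aa123456", "Admin123", "user"}


def audit_password(password, personal_terms=()):
    """Return the article's rules that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, check in CHECKS.items():
        if not any(check(ch) for ch in password):
            problems.append(f"missing {name}")
    if password in COMMON:
        problems.append("common password")
    lowered = password.lower()
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal data")
    return problems


def generate_password(length=20):
    """Return a random password built with the OS CSPRNG (`secrets`)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Draw every character uniformly, then retry until all four character
        # types appear, so no position is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(audit_password("Aa123456"))  # constructed input from the article's list
```

Calling `generate_password()` once per account gives each account its own password, which covers the "unique per account" element.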
Use a Password Manager to Protect Your Accounts
Remembering multiple complex passwords is challenging. There’s no denying that. Thankfully, password managers come to the rescue.
A password manager is a digital vault that stores all your passwords in a secure, encrypted environment. It helps you generate strong, unique passwords for each account, eliminating the need to remember them all.
Think of a password manager as your bank’s vault where you store precious valuables that require tighter security. Using them offers lots of advantages:
Password Manager Apps
Make sure you pick a trusted password manager. Here are some top picks:
2. NordPass
3. Dashlane
Food for thought
Would you entrust the security of all your business accounts to a free password manager app?
Install your selected choice on all your devices. Download their mobile app directly from their website, ensuring you triple-check that you’re downloading from their legitimate URL.
If you have an iPhone or iPad, you can download their app from the App Store. However, you must ensure you’re downloading the legitimate app. Triple-check the name and look for similar spellings, typos, or lookalikes.
The last thing you want is to install an impostor password manager, which is known to have happened. (Malicious apps may lurk everywhere, even in the App Store.)
Two-Factor Authentication and Its Role in Your Security
Use two-factor authentication (2FA) or multi-factor authentication (MFA) wherever possible. It makes your account much more secure.
Two-factor authentication adds an extra layer of security to your accounts by requiring two forms of verification:
- something you know (your password)
- something you possess (a fingerprint, a one-time code, or a hardware token)
By enabling 2FA, even if someone can obtain your password, they won’t be able to access your account without the second verification factor. This significantly reduces the risk of unauthorized access.
Start enabling 2FA with your most important accounts: business email, business financial accounts, e-commerce store, merchant accounts, Amazon or other vendors where your credit card might be stored, healthcare providers, etc. Then, add 2FA to other accounts as you go along.
Passkeys: The Future of Passwords is Here
Christian Brand, Google Security
(…)
Passkeys will replace even more sophisticated fixes like multi-factor authentication, SMS messages, or authenticator apps.
A passkey is a FIDO (Fast IDentity Online) credential stored on your computer or cell phone. Passkeys are a type of passwordless login that is much more secure and easier to use than a typical password.
Instead of creating a password, you let your password manager or authenticator app create the passkey. In cryptographic terms, the passkey’s public key is stored on the website or in an online account, and the private key is stored on your device, usually secured by MFA or biometrics (Face ID, Touch ID, etc.).
There is no password to remember. However, you still need a trusted password manager to store each website’s passkey.
To Recap
Take the first step in strengthening your business online security by adopting strong passwords
Creating a strong password is the first defense against cyber threats.
By avoiding common mistakes, understanding password strength, and following best practices, you can significantly enhance the security of your business online accounts.
Remember to create strong passwords: long, complex, and unique per account.
Avoid using personal or public information easily associated with you or your business.
Consider using a password manager for greater convenience, productivity, and security.
Enable two-factor authentication.
Embrace passkeys as soon as you’re ready.
By taking these proactive measures, you take control of your online security and protect your personal and business information from potential data breaches.
Don’t wait until it’s too late!
Book a Cybersecurity Strength Assessment Call today to ensure your online accounts are secure and protected.