Today is World Password Day, so it’s a timely reminder to ensure you have some decent password protocols in place. To help improve your password security, we have compiled a list of the most important tips for managing passwords. When passwords are breached the results can be devastating; you can lose access to email, Internet Banking, social media, cryptocurrency, your mobile phone number and much more.
Here are Three AM’s 6 tips for improving your password security:
- Never use the same password twice; always keep them unique. If your password is compromised on one site, bots will try this password on thousands of other services (matched with your username or email) to see if a match is made. Within seconds, these sophisticated systems will have a list of all services you have that use the same password.
- Don’t use a common password like ‘password1’ or ‘abc123’. Also avoid a password with personal information like your own name, birthdate, pet’s name or business name.
- Avoid sharing passwords, but if you absolutely must share a password with someone you trust, avoid sending it via plain text such as email, SMS or instant messaging – these can all be intercepted. If you must, you could send half the password via one medium, and the other half via another (e.g. half via email, and the other half via SMS). Using a one-time access system for sending passwords is even better though – we recommend One Time Secret.
- Use randomly generated passwords, created with the help of a password generator, that combine uppercase and lowercase characters, numbers and special characters. Perform a Google search and you will find plenty of examples.
- Use Two Factor Authentication (2FA) via email, SMS or an app. This basically means that if someone does get your password, they won’t be able to log in without access to your 2FA as well. To avoid constantly needing to punch in access codes, you can set up 2FA so you are only asked for it after a certain period of time if accessing it within the same location, while still providing excellent protection.
And most importantly…
- Do not store your passwords in plain text files on your computer, or saved within emails. Use a secure password manager like LastPass to create a vault of all of your passwords. LastPass is saved in the cloud so you always have access to it on your PC and mobile device. It also allows you to store passwords for websites and apps, as well as other secure notes. When you are logged in to LastPass, the browser will pre-fill login forms, meaning you don’t have to go looking for passwords. LastPass has one highly secure password, and due to its vault technology, not even LastPass staff can access your data. LastPass offers free and paid accounts, but in most circumstances the free account offers more than enough functionality.
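The tips above on unique, uncommon and randomly generated passwords, expressed as Python (an added example, not code from Three AM or any password manager). The function names, the short common-password set, the special-character set and the sample vault are assumptions constructed for illustration.

```python
import secrets
import string

# Constructed sample; 'password1' and 'abc123' are the examples quoted in the tips.
COMMON = {"password1", "abc123", "123456", "qwerty"}
SPECIALS = "!@#$%^&*()-_=+"  # assumed set; sites differ in which symbols they accept
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS]


def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redrawing the whole password keeps all valid passwords equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit(vault, personal_terms):
    """Map each site to the tips its password breaks (hypothetical helper)."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in vault.items():
        lowered = password.lower()
        problems = []
        if len(sites_by_password[password]) > 1:
            problems.append("reused")
        if lowered in COMMON:
            problems.append("common")
        if any(term and term.lower() in lowered for term in personal_terms):
            problems.append("personal")
        if problems:
            report[site] = problems
    return report


if __name__ == "__main__":
    # Constructed vault: two reused common passwords, one built on a pet's name.
    vault = {"mail": "abc123", "bank": "abc123", "shop": "Rex2015!",
             "forum": generate_password()}
    for site, problems in audit(vault, ["Rex"]).items():
        print(site, "->", ", ".join(problems))
```

The `secrets` module is used instead of `random` because `random` is predictable and not meant for generating credentials.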
If you would like a password management consultation to improve your security, get in touch with us!