Passwords are the first line of defence against cyberattacks, but it’s a security aspect people often handle poorly. From using generic codes to reusing them across multiple accounts, everyone is guilty of the biggest password taboos. It also doesn’t help that hackers are constantly getting smarter and more proficient at stealing login credentials. According to the most recent Notifiable Data Breach report, compromised credentials make up over 75% of cyber incidents in Australia.
This is proof that strong password practices are more vital than ever. Developing these habits isn’t difficult, either; it just requires a bit of effort on your end. Here’s what you need to do to ensure your account security is as strong as it can be.
Set long and strong passwords
People can be predictable with passwords. They tend to base them on things that can easily be found online, like pet names and birthdays. The more egregious offenders even use ‘123456’ or ‘password’ in an effort to save time. Such reckless habits are the digital equivalent of leaving the key to your front door beneath the welcome mat.
A safer approach is to set long ‘passphrases’ that are memorable but contain words unrelated to each other. For example, a random phrase like ‘laptop kangaroo bridge’ is much more difficult to hack than shorter, easy-to-guess sequences. You should also include upper- and lowercase letters, numbers, and symbols to increase the complexity of your passwords. By incorporating length and complexity, your passwords will theoretically take years for hackers to crack even with an advanced computer.
Never share your password
Sharing your passwords with anyone effectively undoes all the hard work you put into the previous tip. That’s because there’s no guarantee your colleagues can keep your login credentials private or won’t fall victim to a cyberattack themselves. Password sharing doesn’t just involve your friends, either. Phishing attacks often masquerade as legitimate entities like banks to trick you into divulging user credentials over email or a fraudulent website.
In any case, never reveal your password to anyone. Generally, banks or any legitimate online service will never ask you for sensitive information over email. You should also be careful about the sites you visit. If a site URL isn’t prefixed with ‘https’ or a lock icon, don’t enter your login details on that site.
Don’t reuse your passwords
While it’s convenient to use the same password on multiple accounts, doing so undermines your security. If hackers compromise one set of passwords, they potentially have access to other accounts that use the same password.
That’s why you should check your login details for all your accounts. If you’ve used the same password combination for your social media, email, and bank accounts, change it right away. Using passwords that are unique to each site or online service dramatically reduces your exposure to account hijacking.
Use a trustworthy password manager
If you have trouble coming up with and remembering multiple passwords, password managers like 1Password and Dashlane come in handy. These tools generate complex passwords for all your accounts and lock them away in a password-encrypted vault. This means you only have to remember one master password to gain access to all your accounts.
However, there are caveats with using password managers. They tend to be attractive targets for cybercriminals and a successful attack can reveal all your passwords. To avoid these, steer clear of password managers that have been compromised in the past like LastPass. You should run regular security scans for malware that may be attempting to access your password manager. Also, never leave your device unattended in public areas, especially when your password manager is unlocked.
Enable multifactor authentication (MFA)
Having a strong password doesn’t necessarily mean you’re safe from cyberattacks. Any sufficiently motivated hacker can still steal them using sophisticated phishing scams and keylogger malware. The reality is, passwords aren’t foolproof and shouldn’t be the only barrier preventing hackers from accessing your accounts.
MFA fixes this issue by adding another method to prove your identity. The extra authentication method could be anything from one-time SMS verification codes to biometrics like a fingerprint scan. This means that even if a hacker steals your password, they still won’t be able to access your account.
Manage your exposure
In case one of the online services you’re subscribed to is hacked, you must determine if your data has been exposed. The best way to check is through Have I Been Pwned. This site lists data breach incidents that may have affected your account.
If your accounts are compromised, change your passwords and enable MFA immediately. You should remove any devices signed in to that account. If a stolen password is associated with your bank, phone service, or other subscription service, notify appropriate customer service staff. This will prompt them to look for any suspicious activity on your accounts and prevent further damage.
Finally, inform the Office of the Australian Information Commissioner and other affected parties of the hacked account. This is not only a legal requirement, but it also gives your clients time to protect themselves.
Passwords, much like every other aspect of security, are something you can’t afford to manage haphazardly. If you need more guidance regarding password best practices or if you need dynamic cybersecurity solutions, call Empower IT Solutions today. We can protect you from all manner of threats.