Password hygiene refers to the practice of ensuring your passwords are unique, difficult to guess, resistant to brute-force cracking, and changed regularly. Passwords are used universally and are a crucial part of granting access to user accounts and protecting data. Therefore, they represent a prime target for malicious individuals seeking to steal identities, monitor, take control, or extract financial benefits directly or through extortion. Adhering to password management best practices, which consist of well-defined principles and guidelines, can keep your accounts safe. While they cannot guarantee you won’t fall prey, they drastically reduce the chance nefarious actions will succeed.
Using weak passwords is a universal practice
Employing obvious, simple, reused, or common passwords is a surefire way to endanger yourself. What counts as a poor password choice varies by country and can be tied to a collective interest. For instance, Italians love soccer, which is why Juventus, a well-known club, is a frequent password choice. Many other sources for partial or entire passwords stem from familiarity and convenience and are ubiquitous. The prime example is an ascending sequence of numbers, “123456”, which is also the most frequently recurring password, followed by the evident choice, “password”.
To put things into perspective, we’ll enlist the help of ExpressVPN and the data they gathered through a joint effort with Pollfish, a mobile poll provider. After surveying 1000 adults in the United States, they discovered that 81% of participants felt assured of the privacy and security of the passwords they used online. In contrast, the April 2022 survey found the following about password use:
- 43.9% of survey-takers admitted to using a date of birth
- 43.8% of people that partook utilized a pet’s name
- 42.3%, or 2 in 5 respondents, used a first name
- 43% of inquired individuals stated people close to them could guess their online passwords
- A regular individual reuses a password six times across platforms and/or websites
Further, a Google / Harris Poll published in October 2019, the Cybersecurity Awareness Month, revealed that 59% of partaking U.S. adults used either a name or a birthday in their online password. Additionally, 66% reused the password at least once, 4 out of 10 had personal data jeopardized, and roughly 47% of affected users incurred financial loss.
Ways to make passwords stronger
The only way to negate a weak password is to promptly replace it with a strong one. World Password Day, May 5, serves as an annual reminder to be proactive. To remain protected, on top of the management practices that follow, you must choose a strong password, which needs to be:
- Long – Security experts concluded that a strong password consists of at least 8 characters. However, the preferred length is between 12 and 15 characters. Every additional one makes things harder for the ill-intentioned individuals, i.e., the more, the merrier!
- Varied – Users oftentimes rely on easy-to-type alphanumeric characters. While a step in the right direction, this is nonetheless a flawed practice. For best results, passwords should also contain a string of mixed symbols and uppercase and lowercase characters.
- Random – Though the approach above is also a leap forward, a password will never be strong if it isn’t random. That’s correct—it shouldn’t be a word from a dictionary, but a haphazard mix of numbers, characters, and symbols. Since these are tough to come up with manually, we suggest using online password generator tools.
- Unique – Going by the bit of information we mentioned above, if a hacker acquires one password, they instantly gain access to six accounts. To maximize safety, each password should be distinctive, and, ideally, never resemble any previous ones, let alone follow a formula. No matter how complex, reused passwords are easy to crack.
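The four criteria above can be turned into a generator and a checker. The following Python sketch is an added example, not part of the original article; the 12-character minimum, the three-entry denylist (taken from weak passwords named earlier on this page) and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the "Varied" criterion above.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters
# Weak choices named earlier on this page; a real denylist is far larger.
COMMON = {"123456", "password", "juventus"}


def has_all_classes(password):
    """True when every character class is represented at least once."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=15):
    """Draw every character from the OS CSPRNG and redraw the whole string
    until all classes appear, which keeps the result uniformly distributed."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def check_password(password, previous=()):
    """Return which of the criteria (long, varied, random, unique) fail."""
    problems = []
    if len(password) < 12:
        problems.append("long")
    if not has_all_classes(password):
        problems.append("varied")
    if password.lower() in COMMON:  # denylist is only a proxy for randomness
        problems.append("random")
    if password in previous:
        problems.append("unique")
    return problems


if __name__ == "__main__":
    pw = generate_password()
    print(pw, round(entropy_bits(len(pw)), 1), check_password(pw))
```

The `random` module is deliberately avoided here: it is not a cryptographic generator, while `secrets` draws from the operating system's CSPRNG.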
Measures to secure your passwords
Besides taking a strict approach to creating them, users must keep passwords safe through efforts to bolster their data security. That brings us to the leading password management practices that keep your accounts safe:
1. Change your passwords regularly
Experts typically recommend switching your passwords across the board every one to three months. Though there are no rules, these are valid guidelines. The procedure is tedious, which is why people delay it or, even worse, avoid it, but it becomes drastically easier when combined with measure #3.
2. Utilize multifactor authentication
Most people recognize this option as two-factor authentication, i.e., two-step verification. This feature adds extra layers of protection to a username, e-mail address, and password. You can utilize:
- Something you can remember – PIN (Personal Identification Number), pattern, or a secondary password
- Something only you own – a mobile phone that can receive SMS, credit card or ATM (automated teller machine) card, unique token stored on an external device such as a USB stick or a key fob
- A unique part of you – voiceprint or fingerprint
3. Use a password manager tool
Though you may be tempted to write complex passwords down on a piece of paper, don’t. The same goes for storing passwords in digital notes on devices. Instead, you should use a password manager, a staple of password management. Password management tools not only store all your passwords in one place but also encrypt them. Consequently, you need a single master password to unlock the database. Moreover, many such tools integrate into applications such as web browsers and will securely autofill passwords to prevent keylogging.
4. Check for data breaches
If hackers get their hands on databases of user credentials from a data breach, the precautions you took are irrelevant. To combat that, frequently check websites such as Have I Been Pwned? to see whether your credentials appear in a breach. Many password managers, besides putting passwords in a vault, also periodically scan your credentials against the newest data breaches. Even if a breach only included your email, chances are hackers also compromised your password.
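A breach check does not require sending the password anywhere. The Python sketch below is an added example, not part of the original article: it assumes the Pwned Passwords range endpoint of Have I Been Pwned (not named on this page), where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. The sample response body and its counts are constructed.

```python
import hashlib
import urllib.request

# Constructed range-response body: one "SUFFIX:COUNT" line per hash sharing the
# prefix 5BAA6. Counts are made up; the count-0 line mimics a padding entry.
SAMPLE_BODY = (
    "00000000000000000000000000000000001:0\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:2\r\n"
)


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 digest.
    SHA-1 is only the lookup key format here, not a way to store passwords."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Find the password's hash suffix in a range response; 0 means no match."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Download all suffixes for a prefix; only these 5 characters are sent."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"Add-Padding": "true", "User-Agent": "hygiene-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline run against the constructed body; swap in
    # fetch_range(split_hash(pw)[0]) for a live lookup.
    print(breach_count("password", SAMPLE_BODY))
```

Any non-zero count means the password has appeared in a breach corpus and should be replaced wherever it is used.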
5. Employ a VPN (a virtual private network)
We already defined a VPN (Virtual Private Network). Besides hiding your identity and online activities by obfuscating your real IP address, it will encrypt data traffic, making MITM (man-in-the-middle) attacks futile. Combined with only visiting websites using HTTPS (Hypertext Transfer Protocol Secure), VPNs will ensure the personal information you enter remains private and protected.
Passwords are the staple of user accounts, whether for social media, entertainment, financial and healthcare data, or government websites. They also protect personal data, from facilitating user access control to devices to shielding sensitive information such as notes, photos, and videos. Having so much to lose as a victim of phishing, data breaches, hash cracking, direct hacker attacks, or poor password handling makes it crucial to adhere to password hygiene. Managing passwords properly will guarantee that only you have the keys to the kingdom, so to say.