Anything we do online, which is nearly everything, is protected by a string of characters. Whether it’s your bank account, email, or social media, that one key holds a lot of power. But here’s the problem: most of us don’t give our passwords the attention they deserve. Weak, reused, easy-to-guess passwords are like leaving your front door wide open.
So, how do we fix it?
It starts with a few simple habits that make a world of difference. Practicing good password hygiene will help you keep all of your sensitive information safe from hackers trying to access your accounts.
Turn on Multifactor Authentication.
Enabling multifactor authentication is likely the most crucial action you can take to protect yourself right now. It adds an extra layer of protection to your accounts, in addition to your password.
Once you log in to your account using your password, you’ll be prompted to enter an additional form of verification, such as an identification code sent via SMS to the phone number associated with the account, to ensure that the person logging in is the account owner. This is also handy because if someone else has your password and is trying to get into your account, you will be notified before they can break in.
Use strong passwords.
You might hear this one a lot, but what makes a password “strong”?
Essentially, a strong password is one that is hard to guess. Avoid using names, birthdays, or common words. A password like “123password” is not going to cut it: it uses a standard number sequence followed by a dictionary word, and with today’s hacking tools a password like that can be cracked in an average of two seconds. By contrast, “S!mpl3r@nD0mK#ey2534” can be considered a safe password.
Some general guidelines to follow to create a secure password:
- Must use at least 16 characters (try to aim for at least 20)
- Must include uppercase and lowercase characters (a, A, b, B, etc.)
- Must include numeric characters (1, 2, 3, etc.)
- Must include special characters (!, @, #, etc.)
- Doesn’t have to be completely random; you can use a unique but memorable sentence as well (ex. “Do you own 20 cats?”)
If you are unsure about whether your password is secure enough, you can use a zxcvbn test, such as this free online password checker.
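The guidelines above can be checked and applied in a few lines of Python. This is an added example, not part of the original article, and it checks the guidelines literally rather than estimating strength the way zxcvbn does. The function names, the choice to count spaces as special characters, and the tiny common-word list are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 16  # the article's minimum; it suggests aiming for 20
SPECIALS = string.punctuation + " "  # assumption: a space counts as special
# Constructed sample list for illustration; a real check needs a large dictionary.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}


def failed_guidelines(password):
    """Return the article's guidelines that `password` does not meet."""
    checks = {
        "at least 16 characters": len(password) >= MIN_LENGTH,
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "numeric character": any(c.isdigit() for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    failed = [name for name, ok in checks.items() if not ok]
    # The "123password" shape: a common word with digits in front or behind.
    # Reported separately because more digits would not make it hard to guess.
    stripped = re.sub(r"^\d+|\d+$", "", password.lower())
    if stripped in COMMON_WORDS:
        failed.append("digits plus a common word")
    return failed


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until every guideline is met."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 16-character minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not failed_guidelines(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("123password", "S!mpl3r@nD0mK#ey2534", "Do you own 20 cats?"):
        print(repr(sample), failed_guidelines(sample) or "meets all guidelines")
    print("generated:", generate_password())
```

The generator uses the `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.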
Don’t reuse passwords.
Oftentimes, people use the same password across multiple websites and accounts. This can be risky because if a hacker gains access to one of your accounts, they can use that same password to get into all of the others. Always use a unique, strong password for each account to prevent this from happening.
Use a password manager.
It can be overwhelming having to memorize a separate password for every account you have, especially when they’re intentionally difficult to guess. That’s why having a password manager is your best friend. There are apps that securely store your passwords and help you create strong ones, and all you need to remember is a “master password” to unlock the password manager. Some popular choices include LastPass, KeePass, 1Password, and iCloud Keychain.
Change passwords if you think you’ve been hacked.
If you get any indication that your account has been compromised, or if you accidentally click on a suspicious link, change your password immediately. This is also where a password manager can be particularly helpful, as some services, such as LastPass Premium, can automatically change passwords for you. It’s always better to be safe than sorry!
Avoid public Wi-Fi for sensitive logins.
Logging into your bank account on your local coffee shop’s Wi-Fi can be dangerous. Hackers can sometimes intercept what you’re typing. If you have to use public Wi-Fi, avoid logging into important accounts. If you need to log into those accounts, it’s strongly recommended that you use a VPN to stay protected.
If you want to stop online tracking across all of your accounts when in public, turn Wi-Fi off on your phone and other devices when they’re not in use. When you do decide to use a device, have a VPN running in the background so that all your information stays protected. Some trusted VPN services are NordVPN, Surfshark, and ProtonVPN.
Stay Alert to Phishing.
Even the world’s most secure password is of no use if you just give it away. Be wary of texts and emails asking you to log into something or click on a link. Always check if a website address looks correct. When in doubt, go directly to the website rather than clicking the link. Sometimes, organizations will ask for a special code for verification or access to your account to investigate a possible issue. However, they will never call you first and ask for a PIN or MFA code. If you receive a call requesting an MFA/verification code without any prior notice, be aware that it is likely a phishing attempt.
By putting these simple tips into practice, you’re not only protecting your passwords but also your identity, money, and peace of mind. Think of them as digital self-care. Your future self will thank you!