Good password management is a foundation stone of cybersecurity for individuals and organisations. It has long been predicted that the password will die but it is still with us for the immediate future. The problem they present is that we use online services as part of our daily lives. Many of us have hundreds of passwords and with that in mind here are some tips for password success.
Use strong and unique passwords.
A unique password is one that is dedicated solely for one website or service. This is important because if a hacker successfully gains access to one of your accounts using a weak or reused password, they can then use that same password to try and gain access your other accounts. Here are a couple of processes that will help.
Create passwords that are as long as you can remember with ease i.e. a passphrase that may contain several words and are difficult to guess. Sprinkle a combination of upper and lowercase letters, numbers, and symbols into your passphrase. An example passphrase may be “Football teams LOVE a whining opponent in ’23.” And if they are supported, why not add an emoji?
Current National Cyber Security Centre (NCSC) advice is to use three random words and you may find this easier to use. This technique again uses password length to improve strength. The method requires randomness in the choice of words which should not be readily associated with you ie don’t use family names or those of your pets in your password selection. An example three random words example might be “Field Renaissance Blue”.
The key point is that once you have created a unique password, don’t be tempted to use it elsewhere!
Enable two-factor authentication
The idea behind two-factor authentication is to add an extra layer of security to the login process. For example, in addition to entering your password, you might also be required to enter a short code. This could be a code generated by an app on your phone or one that is sent to your phone or email. Some websites use a physical token like a key fob that you may have seen if you use on-line banking.
This added security helps to protect your accounts from hackers that might try to gain access using stolen login credentials. It’s a good idea to use multi-factor authentication with every website that supports it to add an extra layer of security to your accounts.
It is not a good idea to share your personal passwords with anyone. Nor is it a good idea to use a work-related password in your personal life. If you absolutely must share a password with someone, remember that any nefarious activity will be traced back to you as the account holder. If you still want to share a password then use a secure method e.g. a telephone call to transfer the information. As soon as possible afterwards, change it!
Use a password manager
A password manager can securely store your passwords and generate strong, unique passwords for you. It also eliminates the need to remember multiple passwords. Using a password manager has several advantages over saving passwords in your browser.
- Stronger security: Password managers are purposefully designed to securely store your passwords and protect them with encryption. They are typically more secure than saving passwords in your browser, which can be vulnerable to hacking or malware attacks.
- Cross-device syncing: Password managers often have apps for multiple devices, so you can access your passwords from anywhere. This is particularly useful if you switch between different devices throughout the day e.g. use a Windows laptop and an iPad or Android mobile phone.
- Improved password strength: Many password managers can generate strong and unique passwords for you, which can help you avoid using weak or easily guessable passwords.
- Passwords uniqueness: If you have re-used passwords, your password manager should highlight this and give you the opportunity to change one of the duplicates.
- Convenience: A password manager can automatically fill in your login information, saving you time and effort. This is especially useful if you have hundreds of accounts all with different passwords.
- Simplified password management: With a password manager, you only need to remember one master password. This makes it easier to keep track of your passwords and reduces the risk of forgetting them.
- Password breach notification: A good password manager will let you know if a website that you use has been breached and give you the opportunity to change the password.
The NCSC has endorsed the use of password managers and has issued guidance for buyers. Of course, using a password manager puts all of your secrets into one basket but the benefits outweigh the risks and a password manager will improve your overall security. If you are interested in buying or replacing your current password manager, for less than the price of a coffee per month please see our Keeper password manager.
Finally, it’s also a good idea to review and update your passwords on a regular basis. This can help to ensure that your passwords remain secure and effective over time. This can also prevent using the same password for a long time that may have been compromised. A review is a golden opportunity to substitute shorter passwords with longer and more complex replacements.
In conclusion, password management is essential for protecting yourself and your business from cyber threats. By using strong and unique passwords from a password manager, employing multi-factor authentication, and regularly updating your passwords, you can help to keep your online accounts and sensitive information safe and secure. With these strategies in place, you can have peace of mind that your personal and professional information is protected.