You probably didn’t know that yesterday was World Password Day. Intel first created World Password Day back in 2013. We celebrate it annually on the first Thursday in May, and the day serves as a reminder of password best practices. Hopefully, everyone realizes by now that they shouldn’t be using things like “Password123!” or anything even close to it. Here are the latest best practices for passwords in 2020!
Stop Using Sticky Notes
Would you hang the key to your home on a hook next to your front door? We didn’t think so.
Despite this, we regularly come across passwords scrawled on sticky notes stuck to the monitor! It should go without saying, but we’re going to say it anyway. Please stop doing this. Please. Especially if you work for the government like the guy in the photo above.
Create Better Passwords
Opinions vary wildly on what kind of passwords you should use. Some say use complex passwords. Others recommend passphrases. In reality, just pick one. Either option works better than “123456” or the combination of a loved one’s name and birthday/anniversary you’ve been using. Admittedly, no one likes coming up with passwords. We have a suggestion for that too. Keep reading!
[Chart: Password Reuse Practices. Categories: reuse the same password for multiple (but not all) accounts; use a different password for all accounts; reuse the same password for all their accounts.]
Don’t Reuse Passwords
Most likely, you fall in the 65% above that uses the same password multiple times. We’ve all reused passwords before. We get it. Why should you stop anyway?
Hackers and scammers are always trying to steal your passwords. If they manage to get a valid password, it simply becomes a matter of finding other accounts utilizing that same password. When you reuse the same password, you open up those accounts to possible compromise.
We recommend using a different password for every single account. Yes. All of them. Our next recommendation can help with this and all of the previous recommendations.
Use a Password Management System
A good password manager will solve most of your password issues. You can generate complex passwords or passphrases with the click of a button. These systems integrate into your browser and OS. They can work across all your devices.
Already have a lot of passwords stored in your browser? Simply log in, and your password manager will likely detect the login and offer to remember it for you.
Many password management systems exist, but LastPass and 1Password are great options. LastPass even offers a free tier that will work for most individual users. Monthly plans for both offer additional features that you may be interested in, such as secure password sharing.
A password manager provides the benefit of only needing to remember a single password. That benefit also poses a risk. If someone cracks that password, they can potentially access every password you own. Most password managers have systems in place to prevent this. Carefully follow their recommendations when setting up your account to keep it secure. Finally, our next recommendation adds another layer of protection.
Activate Multi-Factor Authentication (MFA)
“Over time, multi-factor authentication should be regarded as a necessary security requirement for anything that today requires a password, not as an added extra.”
Tim Brown, vice-president, security at SolarWinds
We agree with Mr. Brown. Many people consider multi-factor authentication (MFA), also known as two-factor authentication (2FA), optional. Don’t think that way. If MFA is offered, activate it. According to Microsoft, MFA blocks 99.9% of hack attempts on their own user accounts.
Prioritize MFA activation on sensitive accounts like email and financial institutions. Activation is usually pretty simple, and the security upgrade more than makes up for the effort. This combined with all our previous recommendations raises your password protection to the highest possible levels.