4 Simple Ways to Strengthen Your Passwords
Adam Stahl
Strategist, HubSpot Certified Trainer, HubSpot Academy Bootcamp Instructor, and emojician
It seems like large-scale data breaches that expose thousands or even millions of records are regrettably becoming commonplace today. Protecting your personal and business data should be a priority for anyone who has ever entered information into a web form.
Without taking proper steps to secure your data like login credentials, you could make yourself vulnerable to anything from phishing attacks to full account takeover (or even worse). Even a single breach can cost a business upwards of $2.3 million per attack (not to mention the costs related to things like the damage to your reputation) and personal accounts risk losing personal finances, priceless memories (like photos and videos), and more. One of the most basic ways to improve cybersecurity is to make sure you're following best practices for your passwords.
Studies have shown that, without proper cybersecurity awareness training (including password best practices), employees can potentially be the weakest layer in your cybersecurity. If you're not implementing strong password best practices, even the most advanced cybersecurity systems may not be enough to protect online accounts that use weak passwords like "123456". Beyond that, the processing power available for brute-force attacks is unfortunately improving every year as well.
This is precisely why companies need to keep up with ever-changing strong password best practices to stay ahead of the capabilities of cyber criminals. To help get you started on the road to better cybersecurity, we’ve compiled a list of simple ways to strengthen your passwords.
Simple Ways to Strengthen Your Passwords
- Avoid Personal Information
- Use A Passphrase
- Use Unique Passwords For Each Account
- Consider Using A Password Manager
1. Avoid Personal Information
You probably adore your pet, but they probably won't be any more loving towards you if you honor them in your passwords. The same goes for your name, your spouse, your hometown, your college, or your favorite sports team - you get the idea. Via techniques like social engineering, a cyber criminal can find that type of info and use it to guess your password with far less effort than a stronger password would demand.
2. Use A Passphrase
Remember when password best practices just included suggestions like "add a number or a special character" to a long word? Cyber criminals broke that strategy a long time ago and, for a number of reasons, a single-word password with an extra special character or number simply doesn't cut it anymore.
A passphrase is basically just a couple of words or even a whole sentence that you use as your password. Some greater insight from Kelser Systems Engineer Myles Winiski:
Using sentences as passwords is hard to guess and easy to remember. If uppercase / numbers / special characters are required, you can simply integrate them into the password.
For example, “iamafanofthegametetris” is a stronger password than “YgN5#t” because the longer your password is, the exponentially harder it is to brute force.
Spelling words incorrectly is good too along with adding numbers and special characters. This would be an even stronger password: “Iamafanofthagaim*45Tetris”.
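The length argument in the quote above can be checked numerically. The Python below is an added example, not part of the original article: it estimates the size of a character-by-character brute-force search for the three passwords quoted, and the 2,048-word list used for the whole-word model is an assumed figure.

```python
import math
import string

# Character classes a character-by-character brute-force search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Total size of the ASCII character classes that appear in the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def brute_force_bits(password):
    """log2 of the candidates in an exhaustive character-level search."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(word_count, wordlist_size):
    """log2 of the candidates if whole words are guessed from a list.

    Assumes each word was picked at random; a natural sentence is more
    predictable, so treat the result as an upper bound.
    """
    return word_count * math.log2(wordlist_size)

def compare(passwords):
    """Return (password, length, charset size, bits) rows, weakest first."""
    rows = [(p, len(p), charset_size(p), round(brute_force_bits(p), 1))
            for p in passwords]
    return sorted(rows, key=lambda row: row[3])

# The three passwords quoted in the article.
ARTICLE_PASSWORDS = ["iamafanofthegametetris", "YgN5#t",
                     "Iamafanofthagaim*45Tetris"]

if __name__ == "__main__":
    for pw, length, charset, bits in compare(ARTICLE_PASSWORDS):
        print(f"{pw!r:30} len={length:2} charset={charset:2} ~{bits} bits")
    # Assumed model: 7 words drawn from a 2,048-word list (hypothetical size).
    print("7 words from a 2,048-word list:", wordlist_bits(7, 2048), "bits")
```

The six-character password comes out at roughly 39 bits against roughly 103 bits for the 22-letter passphrase, and even the whole-word model leaves the passphrase at 77 bits under the stated assumption.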
3. Use Unique Passwords For Each Account
According to one study, an average user only has six unique passwords to protect 24 different accounts. In that scenario, if one of that average user's accounts was involved in a data breach or otherwise compromised, it would make three more of their accounts vulnerable to compromise as well. Ensuring that each of your accounts has a unique password - and we don't mean just changing a single number or character - minimizes the damage that could be done in the event that your credentials are exposed in some way.
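One way to check your own accounts for both kinds of reuse, identical passwords and ones that differ by a single character, is sketched below. This is an added example, not part of the original article; the account names and passwords are constructed, and the one-character threshold is an assumption taken from the wording above.

```python
from itertools import combinations

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def audit_reuse(vault, max_distance=1):
    """Return (account_a, account_b, kind) for every reused password pair.

    vault maps account name -> password. Run this only on a local export,
    since it handles plaintext passwords.
    """
    findings = []
    for (acct_a, pw_a), (acct_b, pw_b) in combinations(sorted(vault.items()), 2):
        distance = edit_distance(pw_a, pw_b)
        if distance == 0:
            findings.append((acct_a, acct_b, "identical"))
        elif distance <= max_distance:
            findings.append((acct_a, acct_b, "near-duplicate"))
    return findings

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "bank": "correct-lamp-harbor-41",
    "email": "correct-lamp-harbor-42",   # one digit changed
    "forum": "correct-lamp-harbor-41",   # same as bank
    "shop": "purple-kettle-orbit-lantern",
}

if __name__ == "__main__":
    for acct_a, acct_b, kind in audit_reuse(SAMPLE_VAULT):
        print(f"{acct_a} / {acct_b}: {kind}")
```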
4. Consider Using A Password Manager
If you're intimidated by the prospect of the previous tips altogether, you may want to consider using a password manager. Password managers not only securely store your passwords but can also generate strong passwords for you. This also helps eliminate the possibility of finding passwords scribbled on sticky notes attached to monitors around your office - which is a big password (and security) no-no.
Also, don't forget to use a strong master password to protect that password manager, or all that effort and security will be wasted.
Consider Turning on Multi-Factor Authentication
Though multi-factor authentication (MFA) or two-factor authentication (2FA) doesn't technically make your password stronger, it does help secure your accounts when paired with one. For example, if a cyber criminal does somehow get your username and password, they would still need an additional code to log in. These codes can be delivered to you in a number of ways, including by phone call, text message, or an authentication app, depending on what the service you're logging into offers. Not every company or service offers MFA for account security, so make sure to check first if you're considering activating this feature.
Final Thoughts
Though robust cybersecurity is made up of many layers, each of those layers should be as hardened as it can be because you're only as strong as your weakest link. This is why making sure that your organization is following strong password best practices is so important. Better still, the strong password best practices that you're employing at work may also lead you to improve the passwords on your personal accounts, making it a real win-win.
While creating strong passwords is one thing, defending them is another. Did you know that roughly 91% of successful cyberattacks start with a phishing email? Those strong passwords won't do much good if your employees are tricked into giving them directly to a cyber criminal. Find out how strong your "human firewall" is with our no-cost simulated phishing test. It'll show you just how well your company would handle a phishing attack without the nasty repercussions of a real one. If your organization is located in CT, MA, RI or the greater area, sign up for your no-cost simulated phishing test here.
This article also appears on the Kelser blog.