Password Security: More Than Simply Creating Better Passwords

Unfortunately, there is no such thing as a password that can’t be hacked. Phishing scams and malware infections are ongoing problems that get around passwords, and these serious cyberthreats are on the rise — quickly making traditional password security depreciated.

But the good news is, current efforts to phase out passwords are also giving rise to additional security methods that can (and should) be used in conjunction with standard account protection practices. Read on as we outline necessary steps to take in addition to simply coming up with a strong password.

Every account should have MFA.

We briefly covered what multi-factor authentication, or MFA, means in a previous blog and why you need to implement it. The typical and most seen MFA method is a simple text message with an authentication code sent to your phone or other mobile device. It’s rather basic and by no means foolproof, as even mobile data can be intercepted to steal your MFA confirmation. However, it’s an extra hurdle for a malicious actor to overcome and has proven to be effective. In most cases, it works. And if nothing else, you’re more likely to be left alone in lieu of an easier target. So, make sure you use it!

Consider using a password manager.

You should never use the same password for multiple logins. That being said, if you have a lot of passwords (and yes, many of us do these days), consider using a strong password manager such as LastPass or Dashlane. How a password manager typically works is you enter all of your existing account logins into the manager. Then, the manager strongly encrypts them all, and when you need to log into an account, you simply sign in through your password manager which has its own password and log-in process.

You want your manager’s password to be especially long and complex, as it’s going to be housing everything. And you want to make sure that account has MFA protection as well. This is the ultimate solution for keeping all your accounts in one place in as secure a manner as possible.

There is an important caveat to password managers to remember, however. If your device that uses a password manager is ever physically stolen, so is access to all of your accounts. Additionally, even the most popular manager can have bugs and possible exploitations. That being said, should you still use one? The answer is yes.

Never share your passwords.

This should sound like a no-brainer, but the truth is, “social engineering” (more commonly known as phishing) has become frighteningly complex over the last decade. Scammers have become exceptionally good at exploiting human psychology, and it’s getting easier and easier to be tricked into giving up a password or a “secret question” answer to someone.

Whether it’s a coworker, someone claiming to be from tech support, or even your own boss, your password is yours, and you should never divulge it under any circumstances. This is critical to not only your own personal data security, but also that of your entire organization.

Protect yourself from malware.

If social engineering is the man trying to talk you into opening your safe, malware is the man who uses dynamite to blow it open. (And phishing can be used to trick you into holding the stick of dynamite, by downloading the malware in the first place.)

Malware comes in many different varieties. Some are “keyloggers” which record your actual keystrokes, which in turn reveals what you type to log into an account (as well as all sorts of information you tap out on your keyboard). Others outright take control of your system, which gives the attacker access to your accounts that are stored on said system — much like if the device had been physically stolen.

We’ve published numerous articles on how to protect yourself from malware for this very reason. On the part of the consumer, it’s a lot to take in and remember. And it’s exhausting. It’s unfortunate that we live in a world where the burden always seems to fall on the shoulders of those who just want to go about their business in peace. At V2 Systems, we strive to take as much of that burden away from you as possible. Our advice is meant to both inform and protect you, but we can offer much more than advice. Contact us and allow us to stand watch for you, so that you can focus on what’s most important: your actual business.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!