Understanding Password Security and Multi-Factor Authentication (MFA)

How many passwords do you think you have? Whatever your guess is, the actual number is likely much higher. This is because you have passwords for a variety of personal and professional platforms, apps, and websites. You might be forgetting about passwords that you set up on websites you no longer visit. There’s a good chance that those old passwords aren’t long, random, and unique. Even the passwords you’ve set up most recently might not be as secure as you?believe.

This is important because cybersecurity breaches can occur when your passwords can be easily guessed, or if you’ve used them before. This article outlines the tools and best practices when creating and managing your passwords, remembering them when needed, and further enhancing account security with multi-factor authentication?(MFA).

Apply these three tips when creating?passwords

Consider keeping the following recommendations in mind as a standard for secure?passwords:

• Prioritize length over complexity: Longer passwords are harder and take much longer for computers to guess. Using a string of random words (i.e. I miss my lemon muffins) is much easier to remember and input than a complex password (i.e. 1 m!s$ mY 13m0n mUFf!n$!). We recommend aiming for at least 14 characters or 4-6 words to form a?passphrase.
• Create unique passwords: Each account should have a unique password. This reduces the risk of one breached password compromising multiple?accounts.
• Keep your passwords safe: Do not share your passwords with anyone and consider updating your passwords as needed. Avoid storing your passwords in documents or notes on your computer, as well as on sticky notes on your laptop, monitor, or?desk.

Consider using a password?manager

The reality is that you probably have a lot of passwords, and it’s an impossible task to remember them all. That’s where a password manager comes in handy. A password manager is software that can create secure passwords for you and securely store them. There are many password manager options, each with slightly different features and price?points.

Here are a few features and benefits of password?managers:

• Password managers can generate and store complex and lengthy passwords for?you.
• Most password managers require a master password to access your passwords, which adds an extra layer of?security.
• Some password managers have mobile apps for you to access from your?phone.
• Some password managers can also act as an MFA (more on this below) to store your one-time passcodes for multi-factor?access.

Know the benefits of MFA

MFA is a security method that requires two or more types of authentications to verify the identity of a user and grant access to a system or service. Enabling MFA, when possible, can make it harder for cybercriminals to remotely access your?accounts.

Successfully entering your username and password is one of four main types of?authentications:

• Knowledge: Something you know. For example, security questions, username, and?password.
• Possession: Something you have. For example, a work badge, cellphone (text and push notification), hardware token,?etc.
• Inherence: Something you are; personally identifiable. For example, biometrics such as fingerprints and iris scans, or voice?recognition.
• Location: Somewhere you are; your physical location. For example, U.S.-based consumers can only stream North American streaming?contents.

Securing your account with more than one type of authentication effectively sets up MFA on your account. This added layer of security can reduce your account’s exposure when?compromised.

When evaluating your MFA options, consider opting for hardware tokens or authenticator apps when possible. Cybersecurity experts generally agree on the following list of MFA options ordered from most to least?preferred:

1. Hardware token – USB token devices or one-time passcode?generator.
2. Authenticator app – Mobile app for push notifications or time-based one-time?passcode.
3. Email – Code delivered via email. Vulnerable to phishing and email account?protection.
4. SMS – Code delivered via text message. Vulnerable to SIM swapping and SMS?phishing.

A primary element of digital security includes understanding the benefit of unique, lengthy passwords and using MFA wherever you can. A password manager can be a helpful tool when you need to manage multiple passwords. And when you create a new account on a platform or website, taking the time to set up MFA can go a long way in helping you protect your?account.