It is fair to say that one of the biggest customer complaints I hear has something to do with passwords.
Do I have to change my password? Why do we have to log in so many times? Why do I need a code from my phone to connect?
Unfortunately, it is a sign of the times. While technology continues to evolve, cybercriminals will evolve with it, developing new and creative ways to access your information. That being the case, developing ways to secure our accounts is here to stay, at least for the near future.
So, what makes a good password?
Password requirements are often set by your organization or the company where you are looking to access information (Gmail, Microsoft, etc.). Most people will fulfill the minimum requirements to satisfy registration. I wouldn’t suggest just doing the minimum. Complex passwords are paramount to your safety with technology. Why make a criminal’s job easier?
Complex passwords should be:
- At least 12 characters long, but more is better.
- A combination of uppercase letters, lowercase letters, numbers, and special characters (!@#$, etc.)
- They should be hard to guess, different than others you may have, and creating a memorable phase may help as well. If your information is stolen from one website, a cybercriminal may try to use those credentials on other websites.
- If available, using a password generator will create a secure password.
How am I supposed to remember all of the passwords?
I understand; it’s easier said than done. What I suggest is using a secure password manager. Keep in mind that password managers can have security flaws, too.
There is an option to write the passwords down and keep them in a secure area only you can access. Some applications allow the user to create a password hint or reset link if the password is forgotten.
Some applications and organizations may require the user to enable multi-factor authentication. Multi-factor authentication is another layer of security needed to access an account. The password and a one-time code generated by an app are required to complete the sign-on process.
While annoying at times, this is an excellent addition to password protection and can be the extra layer of security needed to save an account if the password is compromised.
It is good practice to change your passwords at least twice a year. I encourage my customers to go through this process at least three times a year. If there is any suspicion of your account credentials being compromised, change your passwords immediately.
It is important never to share your passwords with anyone, especially online. Don’t ever email your passwords to anyone or respond to emails or social media messages requesting your passwords.
We live in an age where online security is paramount to our society. Even though it may be frustrating to have to take these extra steps, it helps to keep us safe. Parents should know how to access their children’s accounts and have the ability to monitor what they do online. That may be a future article. Stay Safe.
Jeff Andros is a Cybercrime, Cybersecurity, Digital Forensics, and Information Technology expert. Visit Cybermack Consultants for more information.