Every year on February 1st, we observe National Change Your Password Day. While it may not grant you a day off work, it offers a valuable opportunity to perform a quick check and ensure you’re using strong passwords to safeguard your accounts.
Traditionally, the advice was to change your password every three months. However, with the advent of advanced tools like password managers and data encryption, experts now emphasize the importance of the type of password you create rather than how frequently you change it. Below, we share current guidance on crafting robust passwords that enhance your account security and keep hackers at bay.
Complexity is Key: Aim for complexity by incorporating a mix of uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information like birthdays, names, or common words. The more intricate and unique your password, the more challenging it becomes for hackers to crack.
Opt for Longer Passwords: Longer passwords offer an additional layer of security. According to Hive Systems, a brute-force hacking attempt can crack an eight-character password in less than one hour. When creating a new password, strive for a minimum of 12 characters. Consider using passphrases—sequences of random words or a sentence—that are both robust and easier to remember. For instance, a random passphrase like “cogwheel-rosy-cathouse-jailbreak” can be generated from websites like useapassphrase.com.
Use Unique Passwords for Each Account: Resist the temptation to reuse passwords across multiple accounts. Uniqueness in passwords ensures that if one account is compromised, the damage remains contained. Consider employing a reputable password manager to generate and securely store complex passwords. Avoid using Google or your browser’s password manager, as compromising your Google account could jeopardize all your passwords.
Update Passwords Annually: If your account hasn’t been compromised, you only need to change your passwords once a year to reduce unauthorized access risk. Regular password changes are exceptionally helpful if you suspect unknown access to your account, making it harder for attackers to maintain prolonged access.
Implement Multi-Factor Authentication (MFA): MFA combines something you know (your password) with something you have (e.g., a code sent to your phone).Even if your password is compromised, MFA significantly reduces the chances of unauthorized access.
Set Up Strong Password Recovery Alternatives: Leverage password recovery options like security questions or alternative email addresses. Ensure that the answers to security questions are not easily guessable or publicly available.
Utilize Password Managers: Avoid the risk of forgetting passwords or writing them on sticky notes by using a secure password management tool. Be cautious and turn off the auto-fill feature to prevent potential security risks.
Regularly Review Account Activity: Keep an eye on your account for any suspicious logins or activities. Many online platforms offer features to notify you of unfamiliar login attempts, enabling swift action against unauthorized access.
As cyber threats evolve, mastering cybersecurity fundamentals, including strong password creation, is crucial. By making informed choices and staying proactive, you can significantly enhance your online security.
However, as an organizational leader, it’s vital to acknowledge that no system is foolproof. Educating your team on cybersecurity best practices is essential, but human errors can still occur. It’s not a matter of if but when. Therefore, it’s imperative to have a robust cybersecurity plan in place.
The right IT team will ensure that you have comprehensive protection measures and a crisis management plan ready in case of emergencies. To identify any gaps in your cybersecurity system, we offer a FREE Cybersecurity Risk Assessment. Click here to book yours now.