4 Dos and 4 Don'ts To Create Strong Passwords

Online security is top of mind for all businesses and strong passwords are critical in protecting your business and your employees. Everything needs a different password - email, social media, banking and more! How do you come up with different passwords for every account with so many passwords? This article will help you with four dos and four don'ts to create strong passwords.

What to DO to Create Strong Passwords

1. Use a Password Manager. If you can't remember which all of your passwords, that's where a password manager comes into play. A password manager is software that creates and stores all of your passwords in one place. Password Managers work across computers, laptops, tablets and smartphones.
   
   You set up a master password with a password manager to access the software. Then when you log in, the manager will automatically fill in passwords for the sites you save. While browsers like Google Chrome have browser extensions that act as password generators, concerns exist about how they secure your stored passwords.
   
   
2. Use available tools to monitor your passwords. Cybercriminals hack businesses and databases every day. It's only a matter of time before one of your passwords ends up in the wrong hands. Companies can take advantage of dark web monitoring services to monitor employee credentials for accounts that may be compromised.
   
   On a personal level, tools like Google Password Checkup can show you compromised passwords. When you find these exposed passwords, immediately change your credentials to avoid becoming victims.
   
   
3.  Use long passwords. Security experts agree that the longer the password, the more secure. Most recommend passwords of at least eight characters or more.
   
   Also, be sure to use capital letters, numbers and symbols. Passphrases, which are combinations of unrelated words, numbers and symbols, are thought to be the best options for security.
   
   
4.  Use multi-factor authentication. Multi-factor authentication (MFA) provides an extra layer of protection for password security. With MFA, you provide your regular login and password information and another verifier for extra security. You can receive MFA verifiers via several methods, including text messages or email.
   
   While getting codes via text message is easy, hackers can utilize SIM swap fraud to intercept messages. Instead, use an app like Authy or Google Authenticator to get your authentication codes. With these apps, you can register your device or browser, allowing you only to have to use MFA the first time you log in.

What NOT to DO to Create Strong Passwords

1. Don't recycle passwords. Pick a unique password for each account you have. If you reuse old passwords and a hacker gains access to them, they have access to any other account for which you've used that password. Using a different password for each account means that if one account gets hacked, the bad guys won't get access to all of your accounts.
   
   
2. Don't use common words or character combinations in passwords. The goal of strong passwords is to make a password that you can't easily guess. Never use words like "password," and d Don't use the apparent character replacement for a letter. For instance, changing the s in password to $ is never a good idea. Finally, stay away from passwords that include your name, pet's or kid's name, birthday or anniversary, or anything about you that someone could easily find online.
   
   
3.  Don't use a password that you know has been compromised. As discussed above, there are plenty of resources to utilize to find out if a password has been part of a data breach and is available on the dark web. If you find an exposed password on an account, change it on any account used, and do not use that password for any new accounts.
   
   
4.  Don't store your passwords on your computer in plain text. We have been told not to write down our passwords for the longest time. As it turns out, that's probably safer than having your passwords in a Word document on your computer. If someone gains access to your computer and finds that file, your security is gone.
   
   

If using a password manager is not your thing, keeping a written log of passwords is a viable option to track credentials. Ensure your information is kept in a locked drawer and out of sight of others.

When dealing with creating strong passwords, being proactive is the best protection. Use available tools to determine that your current passwords aren't compromised. If you find a breached password, change it immediately. While no password is 100% secure, following these helpful tips can provide you with peace of mind and security against hackers and cybercriminals.

If your business wants to implement MFA or learn about employee credentials on the dark web, Fraser can help. Click the button below to reach out to our IT experts today.