World Password Day takes place every first Thursday of May. It aims to raise awareness about the importance of having strong passwords and how to develop good password habits.
Why is having strong passwords important?
We use passwords to access many different accounts, from work-related tools and communication channels to personal online banking and social media. Strong passwords are difficult to guess or crack, so they help keep our online data, accounts, and other digital assets safe and secure.
However, cybercriminals are constantly trying out different ways to steal our passwords, such as by launching phishing, malware, or brute force attacks. If they manage to obtain our passwords, they could access our online accounts, steal sensitive data, and compromise our digital assets.
What are some good password habits that you should practice?
Adopting these six habits can help you create strong passwords and minimize the risk of unauthorized account access.
1. Don’t use common passwords
Cybercriminals often start with common passwords when attempting to break into a user’s account. By using a common password, you are essentially giving hackers an open invitation to access your sensitive information.
Some of the most common passwords in 2023 include “123456,” “password,” “qwerty,” and “111111.” If you use any of these passwords, change them right away.
2. Use passphrases
The National Institute of Standards and Technology (NIST) no longer recommends using passwords that contain a combination of upper- and lowercase letters, numbers, and special characters. This is because when people are forced to create overly complex passwords, they tend to use predictable patterns, such as substituting “o” with “0” or “e” with “3,” making them easier for cybercriminals to crack.
Instead, NIST recommends using a passphrase, which consists of at least four random words that are not typically used together in everyday conversation. Passphrases are long, easy to remember and type correctly, but difficult for cybercriminals to crack.
You can use the Diceware methodology to generate a strong passphrase. This method involves rolling a set of dice to generate a random sequence of numbers, each of which corresponds to a unique word on a predetermined list. The resulting sequence of words becomes the passphrase.
3. Check passwords against known lists of compromised passwords
Cybercriminals often exploit lists of login credentials exposed in previous data breaches to gain access to other accounts that use the same username and password combination. This is known as credential stuffing.
By checking your passwords against known lists of compromised passwords, you can ensure that you are not using a password that has already been compromised. If your password is included in one of these lists, change your password immediately.
4. Use a different password for each account
Reusing passwords for more than one account increases your risk of getting hacked. If a cybercriminal obtains one of your login credentials, they can use the same login credentials to access your other accounts.
5. Use a password manager
A password manager not only generates strong and unique passwords for you, but it can also securely store all of your login credentials in an encrypted database. This means you don’t have to remember all of your passwords. Instead, you simply need to remember one password (i.e., your master password), which unlocks the password manager and lets you access all your stored login credentials.
A password manager can also scan your existing passwords, identify any duplicate or weak passwords, and prompt you to update them. It can also autofill login credentials for you, saving you time and reducing the chance of making errors when typing in passwords. Moreover, paid password managers have an additional secure password-sharing feature, which can be useful for safeguarding shared online accounts.
6. Enable multifactor authentication (MFA) whenever possible
MFA requires users to provide two or more forms of identification to gain access to an account. This makes it more challenging for cybercriminals to access the account, even if they have the password.
Following these six good password habits can help keep your online data and accounts safe from cybercriminals. To further boost your company’s security posture, leverage predictiveIT’s managed cybersecurity services. Book an appointment with us to learn more.