On May 7th of every year, organizations worldwide remind their end users of the importance of a strong password. But with remote workforces becoming the new normal and a sharp increase in the amount of information exchanged digitally daily, strong password best practices must be everyone’s priority year-round.
Despite the increased public importance placed on data security, many still use weak passwords to secure their professional and personal accounts.
As per Google, 24% have used the word “password,” “Qwerty,” or “123456” as their account password, while only 34% change their passwords frequently.
Why is this an issue? Well, regardless of your industry or your organization’s built-in cyber security protection level, simple passwords are trouble for your employees, network, and data. If a hacker easily guesses them, login data for your network, email, and cloud applications, as well as personal passwords for social network sites, personal email, online banking, and e-commerce sites, may be compromised.
Remember: Every login is a chance for a cyber criminal to hack into the company network and steal data. As part of your security awareness training and campaigns, use micro- and nano-learnings targeted to password security and newsletters and posters to remind employees of strong password fundamentals.
For added support, share strong password tips, advice, and best practices with users in newsletters, posters, and emails. Download the Strong Password Kit for more password resources that you can share with those who access your systems.
7 strong password best practices to follow
Cyber criminals know that most people create passwords that are easy to remember and will often reuse the same password across multiple accounts. Because of this, all it takes is hacking into one account to quickly access the rest of them.
Please take a few minutes to review these seven strong password best practices and create new passwords for any accounts that do not follow these password guidelines:
1. Do not use sequential numbers or letters
For example, do not use 1234, qwerty, jklm, 6789, etc.
2. Do not include your birth year or birth month/day in your password
Remember that cyber criminals can easily find this information by snooping into your social media accounts.
3. Use a combination of at least eight letters, numbers, and symbols
The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? uses a unique combination of upper- and lowercase letters, numbers, and symbols.
4. Combine different unrelated words in your password or passphrase
This practice makes it difficult for cyber criminals to guess your password. Do not use phrases from popular songs, movies, or television shows. Use three or four longer words to create your passphrase. For example, 9SpidErscalKetobogGaN.
5. Do not use names or words found in the dictionary
Substitute letters with numbers or symbols to make it difficult to guess the password. Or deliberately use spelling errors in the password or passphrase. For example, P8tty0G#5dn for “patio garden.”
6. Use a password manager to store your passwords
Do not store your passwords in a document on your computer. Ensure you’re using the password manager tool the IT/support team provided to store all professional and personal passwords.
7. Do not reuse your passwords
Every device, application, website, and software requires a unique and strong password or PIN. Remember, if a cyber criminal does guess one of your passwords, they will use this to attempt to hack into all of your personal and professional accounts.
Remember never to share your passwords with anyone. This includes your colleagues, the IT/support team, customer service/helpdesk personnel, family members, and friends.
Also, be aware of phishing emails, smishing texts, and vishing calls that ask for your password information — do not reply or provide any personal information, including your password, date of birth, address, or credit card details.
Information You Should Never Include in Your Passwords
When updating and creating new passwords, please do not include the following information:
- Your pet’s name.
- Your birthday or that of family members.
- Any words related to your hobby, job, or interests.
- Part of your home address, including city/town, street, house/apartment number, or country.
- Your name or the name of a family member.
Cyber criminals research their victims online, looking for clues that can help them hack your password. And they will use any clues about you, where you live, your interests, and your family to guess your password strategically.
If any of your passwords use any information linked to you personally, please take a few minutes to update your passwords following our strong password best practices.
How To Keep Your Social Media Password Protected and Secure
Many websites, applications, and tools now allow you to log in using your Facebook, Twitter, Instagram, or other social media account. This adds convenience to the average web user since you do not need to create a new username and password. However, using this feature makes you vulnerable to social network data breaches.
Once a cyber criminal has your Facebook account credentials, they can access any other websites, applications, or tools that you have logged into with Facebook.
Five tips to keep your social network passwords protected and secure
- Do not reuse passwords and change them frequently. Even though you have created a strong password, don’t reuse it across multiple social networks, websites, and applications.
- Use a password management tool to store your passwords. If your IT/ support team has provided you with one, maximize it to store personal and professional passwords.
Some of the most popular password managers are Dashlane, Keeper, and LastPass. Do not store your passwords in a file on your computer or smartphone.
- Use two-factor authentication. If a cyber criminal does guess your social network username and password, two-factor authentication forces the criminal to provide a secure PIN to log in.
You will receive a notification of the login attempt, alerting you that your password has been hacked. If you receive this notification email or text, refuse access, and change your password and username immediately.
- Do not log in to accounts or websites with your Facebook or social network credentials. If your Facebook credentials are compromised, the hacker can now access any applications and websites using your password.
- Pay attention to friend requests, chat messages, and new followers or friends. Be wary of Facebook friend requests from people you’re already friends with on Facebook or Instagram followers with zero posts.
Cyber criminals may hack your friend’s account, send you a friend request, and then start collecting information about you that can be used to hack your accounts. If your social network account is hacked, be public about it, and post something like, “Alert, my account has been hacked. Do not respond to friend requests, direct messages, or chats from my account.”
Above all else, be suspicious and cautious. Do not trust emails asking you to reset your password. No company will ever send you an unprompted password reset or account validation email. If you’re in doubt about a friend request or chat message, ignore it and contact your friend over email or text to alert them to the suspicious request.
2 Simple Tricks to Remember Strong Passwords
Now with all these tips telling you to create different strong passwords for your multiple accounts, you may be asking how in the world you will remember them all. Here are some tips for remembering strong passwords.
- Use a phrase or sentence instead of a word: This is one of the most effective ways to create a strong password that is also easy to remember. Instead of using a single word, try stringing together a few words to create a phrase or sentence. For example, instead of “password,” you could use the phrase “My password is very strong!”.
- Make your password poetic: Think of a poem that you have memorized or that has a strong meaning. Take a line from it and use that as your password. It’s worth noting that you should exchange letters for symbols or numbers to make hacking harder.
You are your best line of defense against cyber attacks and hacks. Create strong passwords. Remember to be wary of emails, text messages, and phone calls that use urgent language and/or promise you a special offer or free prize.
Protecting your data with a Strong Password Kit
Download this Strong Password Kit for more password resources that you can share with users.