On May 7th of every year, organizations worldwide remind their end users of the importance of a strong password. But with remote workforces becoming the new normal and a sharp increase in the digital information exchanged daily, strong password best practices must be top-of-mind year-round.
Despite the increased public importance of data security, many still use weak passwords to secure their professional and personal accounts.
A study found that 30% of online users have been victims of security breaches caused by weak passwords. GoodFirms also found that 59% of U.S. adults use their birthdays or names in their passwords. In addition, 13% of Americans use the same password for all accounts they own.
Why should you be concerned?
Regardless of your industry or organization’s built-in cyber security protection level, simple passwords are trouble for your employees, network, and sensitive data.
The Strong Password Kit
For added support, share strong password tips, advice, and best practices with users in newsletters, posters, and emails. Download the Strong Password Kit for more password resources that you can share with those who access your systems.
Here are seven steps to improve security right at the login.
How do I create a strong password?
Cyber criminals know that most people create passwords that are easy to remember and will often reuse the same password across multiple accounts. Because of this, all it takes is hacking into one account to access the rest of them quickly.
1. Do not use sequential numbers or letters
1234, qwerty, jklm, 6789, etc., are some of the first passwords that bad actors will test.
2. Do not include your birth year or birth month/day in your password
Cyber criminals can easily find this information by snooping into your social media accounts.
3. Use a combination of at least eight letters, numbers, and symbols
The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? combines upper- and lowercase letters, numbers, and symbols, making a unique and hard-to-guess password.
4. Combine different unrelated words in your password or passphrase
This practice makes it difficult for cyber criminals to guess your password. Do not use phrases from popular songs, movies, or television shows. Use three or four longer words to create your passphrase. For example, 9Sp!dErscalKetobogGaN.
5. Do not use names or words found in the dictionary
Substitute letters with numbers or symbols to make it difficult to guess the password. Or deliberately use spelling errors in the password or passphrase. For example, P8tty0G#5dn for “patio garden.”
6. Use a password manager to store your passwords
Do not write down your passwords or keep them in a document on your computer. Ensure you’re using the password manager tool the IT/support team provided to store all professional and personal passwords.
Additionally, never share your passwords with anyone. This includes your colleagues, the IT/support team, customer service/helpdesk personnel, family members, and friends.
7. Do not reuse your passwords
Every device, application, website, and software requires a unique and strong password or PIN. Remember, if a cyber criminal does guess one of your passwords, they will use this to attempt to hack into all of your personal and professional accounts.
Bonus: Be aware of phishing emails, smishing texts, and vishing calls that ask for your password information.
In the latest Gone Phishing Tournament hosted by Fortra’s Terranova Security, over 60% of participating end-users submitted their passwords after clicking the phishing link.
This sobering figure shows that cyber security starts with your end users.
Information You Should Never Include in Your Passwords
When updating and creating new passwords, please do not include the following information:
- Your pet’s name.
- Your birthday or that of family members.
- Any words related to your hobby, job, or interests.
- Part of your home address, including city/town, street, house/apartment number, or country.
- Your name or the name of a family member.
Cyber criminals research their victims online, looking for clues that can help them hack your password. They will use any clues about you, where you live, your interests, and your family to guess your password strategically.
If any of your passwords use any information linked to you personally, please take a few minutes to update your passwords following our strong password best practices.
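The following added example (not part of the original article) shows how a signup or password-change form could enforce steps 1 to 3 and the "never include" list above. The function names, the four-character run length, the substitution table, and the sample pet name and birth date are assumptions constructed for illustration; undoing common character substitutions before matching personal terms is a stricter choice made for this example.

```python
import re

# Alphabet, digit and keyboard-row sequences used to spot runs such as
# "1234", "qwerty" or "jklm" (step 1). The list is an assumption of this example.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Common substitutions undone before comparing against personal terms.
LEET = str.maketrans("013457@$!", "oieastasi")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive sequence characters, forwards or backwards."""
    low = pw.lower()
    return any(s[i:i + run] in low
               for seq in SEQUENCES for s in (seq, seq[::-1])
               for i in range(len(s) - run + 1))


def check_password(pw, personal_terms=(), birth_date=None):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:                                   # step 3: at least eight
        problems.append("length")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)
            and re.search(r"[^A-Za-z0-9]", pw)):      # step 3: letters, numbers, symbols
        problems.append("character-mix")
    if has_sequence(pw):                              # step 1
        problems.append("sequence")
    if birth_date:                                    # step 2: (year, month, day)
        y, m, d = birth_date
        if any(p in pw for p in (str(y), f"{m:02d}{d:02d}", f"{d:02d}{m:02d}")):
            problems.append("birth-date")
    low = pw.lower()
    plain = low.translate(LEET)                       # "r0ver" -> "rover"
    for term in personal_terms:                       # pet, family, street, hobby...
        t = term.lower()
        if len(t) >= 3 and (t in low or t in plain):
            problems.append(f"personal:{t}")
    return problems


if __name__ == "__main__":
    # Constructed sample user: pet "Rover", born 1987-05-14.
    for candidate in ("qwerty1234", "R0ver!1987x", "M0l#eb9Qv?"):
        print(candidate, check_password(candidate, ["Rover"], (1987, 5, 14)))
```

A check like this only covers what can be tested locally; password reuse across accounts (step 7) cannot be detected from a single password and still depends on a password manager.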
2 Simple Tricks to Remember Strong Passwords
Now, with all these tips telling you to create different strong passwords for your multiple accounts, you may be asking how in the world you will remember them all. Here are some tips for remembering strong passwords.
- Use a phrase or sentence instead of a word: This is one of the most effective ways to create a strong password that is easy to remember. Instead of using a single word, try combining a few words to create a phrase or sentence.
- Try making your password poetic: Think of a poem that you have memorized or that has a strong meaning for you. Take a line from it and use that as your password. It’s worth noting that you should exchange letters for symbols or numbers to make hacking harder.
You are your best line of defense against cyber attacks and hacks. Create strong passwords. Remember to be wary of emails, text messages, and phone calls that use urgent language and/or promise a special offer or free prize.
Your Password is Your First Line of Defense Against Cyber Threats
Your password can make or break the security of your personal and business accounts. A strong password makes it more challenging, if not impossible, for cyber criminals to carry out their agendas.
It should go hand-in-hand with knowing how to protect it in case of phishing attacks. It doesn’t matter how strong a password is if your end-users unknowingly submit it to a hacker.
This exact scenario is what happened to over 60% of clickers in our latest Gone Phishing Tournament. Had it been a real attack, cyber criminals would have collected 90,000 business account passwords.
Download a copy of the 2023 Gone Phishing Tournament results to see shocking phishing benchmarking data retrieved from over 1.3 million participating end users.