How to Protect Your Accounts with Smarter Passwords
How many of these password tips have you heard before?
- Change your password every 90 days
- Replace letters with similar numbers
- Store passwords in a master spreadsheet
- Make your passwords super complex, like X%^&*#4aYO
For years, we were taught that these tips are important. And while we often neglect them, they are also not particularly helpful in effectively managing your passwords and account protection.
The security industry has realized its standard methods for password protection are completely ineffective. By forcing constant password changes and ridiculous complexity rules, they have essentially taught users to make passwords that are difficult to remember – and easy for computers to crack.
Password management can be irritating or overwhelming with these outdated practices and poor execution.
It’s actually more important to ensure your passwords are long, unique, and properly managed. On top of that, you need additional security barriers to protect your accounts. In this article, we’ll give you all the tools you need to responsibly create and manage your passwords, plus how to boost your protection with extra security layers.
You will never again have to remember what special character you used in place of a letter.
Create Secure Passwords
The first step in having secure accounts is creating strong passwords. A strong password doesn’t mean typing until the login greenlights your password – it should be a lengthy combination of words, numbers, and characters that you will remember.
Randomness
A key part of password protection is a password’s randomness. Randomizing your password increases your protection against hackers. That’s because hackers use brute force algorithms to crack users’ passwords. These algorithms leverage common words, patterns, and behaviors (like replacing the number 3 for the letter, “E”) to try every possible combination – in milliseconds.
For example, a password like “1q2w3e4r” might look random. But, if you look at your keyboard, it’s easy to see why it’s not. Instead, using a random combination of letters, words, and characters is a more effective defense against brute-force hacking. This site is useful in determining how hackable your password is against brute force algorithms.
Length
Long passwords are strong passwords. Passwords should be a minimum of 16 characters. Combine words you will remember until you reach at least 16 characters and that will be much more effective than a complicated string of 10 characters.
For instance, “FantaSodaDecimatesCastles” is much easier to remember and far stronger than an impossible combination such as “7#4q./pP:oo.” If a bad actor can find your password stored on a note underneath your keyboard, it’s not secure.
Uniqueness
Repeat after us: Do not reuse your password for different accounts. Over 65% of people reuse their passwords and it’s understandable. Using the same password across your accounts is an easy way to remember them all. But that is exactly what you should not do.
That’s because hackers use a dictionary of leaked passwords to crack accounts. In 2019, over 80% of hacks were due to password reuse. If you use the same password for both your fan forums and your bank, chances are the fan forum has less security than your bank. But a data breach on the fan forum opens you up to vulnerability across all your accounts, including your bank. Protect yourself from these simple hacking methods and you can both blog and bank in peace.
Manage Passwords Properly
As we mentioned earlier, you must create a separate, unique password for each of your accounts. But how can one person remember hundreds of unique passwords?
The answer – a password manager.
With a password manager, you simply remember a single master password. The password manager will also generate and store the rest of your passwords. There are many password managers available, such as 1Password, LastPass, Dashlane or Bitwarden. You can even use the password manager that’s stored on your Apple or Android device – just be sure to visit Settings >> Passwords & Accounts (Apple) or passwords.google.com (Android) when you need to access your stored passwords.
Your password manager should also use two-factor authentication (2FA). 2FA is a security method that uses an additional form of protection for your password. This could be a PIN sent by text message or email, or it could even be a fingerprint. 2FA adds a second layer of protection and makes it more difficult for hackers to break into your accounts.
Boost Your Protection with 2FA
Creating additional security barriers for your accounts is an important way to stay protected. Two-factor authentication is among the most widely used methods, but there are additional options that may be even easier for you.
Physical keys are hardware authentication for your password management. Using a physical key that looks similar to a USB drive, this protects your passwords and accounts from any online attacks. Devices such as the YubiKey acts as the second barrier of protection for your accounts and gives you peace of mind from receiving texts or emails that may be visible or easily hacked.
Biometric authentication uses your physical characteristics as a second form of authentication. This includes your fingerprints, iris scans, and facial recognition. Biometrics are commonly seen as a protective feature for smart phones, but can also be used for password management. Given one’s physical characteristics are unique, this offers a high level of protection.
While using hardware or even your finger provides the most secure protection, they may not be practical for everyone. An authentication app may provide the accessibility and protection you need. Downloaded as an app to your smartphone or desktop, authentication apps provide a centralized second layer of security on your device. Most apps integrate across a variety of platforms and help centralize your passwords and 2FA. An authentication app will create a one-time code known only to you and the server to establish a second authentication with your account. There are many apps available such as Google Authenticator, Duo Mobile and FreeOTP.
Whether you opt for a piece of protective hardware or an app, using 2FA should be at the top of your password management toolkit.
Your Main Takeaways
Now that you’re armed with password management best practices, you’ll never have to change your password every 90 days again.
By combining strong passwords, leveraging password managers, and utilizing two-factor authentication, you will be well on your way to having secure accounts. By using these tips, you’ll find your passwords are easier to remember and manage.
How to Protect Your Accounts with Smarter Passwords
This blog post was published by Axos Bank on April 27, 2020 and last updated on April 27, 2020.