Security is all over the news today. From the DNC hacks to the WannaCry malware scare that recently took out a big chunk of British NHS, attacks seem to be getting more severe with significant implications. Hackers are everywhere and everyone, even you, is at risk.
One of the best things you can do as an individual to protect yourself is ensure that you use good security practices in your day to day life. There are quite a few misconceptions about passwords floating around. Best practices for secure passwords evolve as technology changes so it may be tough to stay on top. The following recommendations are based on requirements provided by The National Institute of Standards and Technology.
Password Length Is Key
Password length is the biggest factor in how vulnerable your password is to cracking. Twelve characters is the minimum length your password should be. To be honest you should be looking to use passwords around sixteen characters or more. Try using a password phrase instead of passwords based on single words or names. It will be easier for you to remember, and the extra length is your best line of defense against having your password compromised.
“Complexity” Requirements Give a False Sense of Security
We are seeing more and more instances of complex password requirements. Password rules that require mixed case, numbers, and special characters give a false sense of security, and also make our passwords more difficult to remember. This can lead to bad security practices like a higher likelihood of writing them down. Again, a longer password is going to be stronger than a shorter password that has some special characters thrown in.
Randomly Generated Passwords Are Stronger
There is a difference between a randomly generated password and the false sense of complexity described above. Many password managers like KeePass allow you to generate random passwords and store them in a secure way. Using longer, randomly generated passwords is your best bet in preventing your password from being cracked. They also make it easier to use unique passwords for each service you use, another best practice. That way, if one of your passwords is compromised, the rest of your accounts will be safe. Just don’t put the password for your password manager on a sticky note.
Skip The Regular Change of Your Password
If you are using a strong password to begin with, skip changing your password on a regular interval. This is another practice that can lead to bad behaviors. The more you change your password, the harder it is to remember. The harder it is to remember, the more likely you are to pick easier to remember passwords or to even write them down.
Use A Password Manager
My final recommendation is to use a password manager if you aren’t already. There are plenty of good free solutions (KeePass) if you don’t want to pay for anything. There are even free companion mobile apps that use features like thumbprint recognition so you can take your passwords with you, but still keep them secure. Using a password manager will allow you to easily use longer passwords that are generated randomly. It will also prevent you from writing down your sensitive data.
You Are Your Best Line of Defense
It’s up to you to protect yourself and make sure you are following security best practices. Nobody is going to do that for you. Once you get your password game straight I have a couple more recommendations that should take you a long way in improving your security.
- Make sure all of your operating systems are up-to-date with the latest security patches and you aren’t running any unsupported OSes on your network.
- As home automation becomes more and more popular we have more connected devices in our houses. Verify all of your connected devices are on their latest firmware and ALWAYS change the default user and password.
- Don’t connect to public WiFi. Do yourself a favor and get a cellular plan with enough data that you don’t need to connect to public WiFi. Public access points are a pretty easy thing to set up and spoof, and you never know who and what you are connecting your devices to.