5 Tips for Better Password Security
With the rising threat of cybercrime, information leaks, and data breaches, protecting your business is vital and a strong password is your first line of defense.
Despite the fact that 8 in 10 people say they’re concerned about the security of their online accounts, passwords that are weak, old, or repeated are still used. Year after year, cybersecurity companies report that most computer users are choosing the same weak passwords. In fact, an annual list of the worst passwords of the year published by SplashData found that almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3 percent of people have used the number one worst password, “123456.”
Most web services force their users to follow best practices by only allowing passwords with pre-set criteria or by analyzing passwords to see if they’re weak, fair, or strong. Most services require a password that’s at least eight characters long and contains an uppercase letter, a number, and a symbol. While these requirements are useful, simply changing your password from “password” to “Password1!” doesn’t solve the problem. Below, we outline five tips to help you come up with stronger passwords.
1. Choose a strong password
Cybercriminals gain access to accounts or data through social engineering. This is because many of us naturally choose a password that personally relates to our lives. These types of passwords are easy for your friends and coworkers to guess, and something that cybercriminals may be able to find with some social media research.
Don’t choose passwords that include the name of your pet, car, kids, spouse, city you were born in, or your favorite sports team. On SplashData’s list of the year’s worst passwords, “starwars” joined the list this year at number 16. A password related to common terms from pop culture can also be dangerous.
Hackers can also crack passwords through brute force, using tools that guess many combinations at once. Using passwords that are at least 12 characters long and have a combination of letters, numbers, and other characters can help make your passwords more difficult to crack.
2. Create a password you’ll remember
Many computer security companies offer websites or tools that can generate randomized passwords for you. While these passwords are much stronger and harder to crack, they can also be difficult to remember. Having a password that’s difficult to remember usually means you’ll have to change it again in the near future, or you’ll have to write it down somewhere near your computer. Neither of these situations is ideal.
If you want to create a password that’s easy to remember but hard to guess, try creating a password out of a phrase. Take a phrase that has meaning to you and use the first letter of each word to create the unique password. For example, the phrase “My dog is an 8-year-old black labrador retriever named Barkley!” would become the password “Mdia8yoblrnB!”
3. Use different passwords and change them often
Having a strong password that you’ll remember is the easy part. The hard part is creating unique and strong passwords for each of your different online accounts. If you use the same password for multiple online accounts, you’re putting yourself at risk (especially if you’re using the same password for your social media accounts as you are for online banking).
Having one account compromised could result in all your accounts being compromised. That’s why it’s important to create unique passwords for each account and change them often.
4. Be aware of password save features
Having a strong password means nothing if you’re leaving your login information saved for your favorite websites. Most websites allow you to save your login credentials or automatically log in so that you don’t have to enter your username and password every time you visit.
While this feature is convenient, it’s also risky. Never use this feature on a computer that’s shared with others, and even with your own computer, it’s best to avoid doing this when possible. Inputting your password every time you log in can also help ensure you don’t forget your password.
5. Be careful with password retrieval questions
Beyond passwords, it’s important to think carefully about your answers to security questions asked when you create a new account. These security questions are used to verify your identification when you want to reset your password. Unfortunately, they’re often standard and similar across websites.
Questions like “where did you go to school?”, “where were you born?” or “what is your mother’s maiden name?” are easy to answer. They’re also relatively easy for cybercriminals to discover with a little social media research. If they can successfully answer these security questions, they could potentially reset your passwords and hijack your accounts.
When creating answers for security questions, try to come up with your own question rather than using the standard questions. That way you can use a question and answer that only you would know.
Insurance is here to help
Even if you’re diligent about protecting your passwords and your accounts, sometimes things can go wrong. That’s why it’s so important to be as prepared as possible.
Insurance can help protect your business should something go wrong. With our insurance coverage specifically designed to help protect against cyber attacks and the consequences of these events, Federated Insurance is dedicated to helping ensure your business doesn’t suffer a disastrous setback.
Written by Reza Kamrani, Account Representative, Associations | www.federated.ca
This document is provided by Federated Insurance Company of Canada (“Federated”) for informational purposes only to augment your own internal safety, compliance and risk management practices, and is not intended as a substitute for assessment or other professional advice by a qualified person or entity.
Federated makes no representations or warranties regarding the accuracy or completeness of the information contained in this document. Federated shall not be responsible in any manner for any loss, or any direct, indirect, consequential, special, punitive or other damages, arising out of your, or any other person’s, use or reliance on the information contained in this document.
© Federated Insurance Company of Canada. All rights reserved.