Passwords are still a big part of our daily digital lives. So here are some password tips from top security experts to help you stay safe online.
Passwords have become somewhat of a thorn in the side of many cybersecurity experts. When it comes to advising people about the best way to stay safe online, security professionals are often quick to suggest going passwordless where possible and switching to other methods of verification.
This is because passwords are one of the biggest gateways to data breaches. According to the 2019 Verizon Data Breach Investigations Report, 80pc of hacking-related breaches involved compromised and weak passwords.
However, it seems we must resign ourselves to the fact that passwords are here to stay, at least for now.
So, what can be done to boost your security online? We’ve rounded up a few password tips from some top security experts.
Avoid dictionary words
One of our top password tips is to avoid using words from the dictionary, especially words that could be guessed based on information about you that might be in the public domain.
Use passwords of sufficient complexity and length. Do not reuse passwords across apps and websites. Avoid reusing a password with small modifications such as incrementing a number at the end or adding a special character, since these variations are among the first things an attacker tries.
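The advice above (length, complexity, no dictionary words, no lightly modified reuse) is easy to turn into a check that a signup or password-change form can run on the user's side. The following is an added example, not code from the article or from any vendor it quotes; the word list, the minimum length of 12 and the "long passphrases may have fewer character classes" rule are assumptions chosen for illustration, and a real deployment would load a full wordlist.

```python
import string

# Constructed stand-in for a real wordlist (assumption: the article names none).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "football"}

MIN_LENGTH = 12          # assumption: policy minimum
PASSPHRASE_LENGTH = 16   # assumption: this long, fewer character classes are acceptable

# Undo the usual letter-for-symbol substitutions so "P@ssw0rd" still
# matches the dictionary word "password".
_LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                       "0": "o", "$": "s", "5": "s"})


def normalize(password: str) -> str:
    """Reduce a password to its core: lower-case, drop leading/trailing digits
    and punctuation (the usual "add a 1 or a !" tweak), then undo leet spelling.
    Two passwords with the same core are treated as trivial variants."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(_LEET)


def dictionary_word_in(password: str, words=COMMON_WORDS):
    """Return the first dictionary word found inside the normalized password, or None."""
    core = normalize(password)
    for word in sorted(words):
        if word in core:
            return word
    return None


def is_trivial_variant(new: str, old: str) -> bool:
    """True when the new password is the old one with only cosmetic changes."""
    a, b = normalize(new), normalize(old)
    if not a or not b:
        return False
    return a == b or (abs(len(a) - len(b)) <= 2 and (a in b or b in a))


def character_classes(password: str) -> int:
    """Count how many of lower, upper, digit, symbol appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(new: str, previous=()) -> list:
    """Return a list of problem codes; an empty list means the password passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if character_classes(new) < 3 and len(new) < PASSPHRASE_LENGTH:
        problems.append("low_variety")
    if dictionary_word_in(new) is not None:
        problems.append("dictionary_word")
    if any(is_trivial_variant(new, old) for old in previous):
        problems.append("reused_variant")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("P@ssw0rd1!"))                         # ['too_short', 'dictionary_word']
    print(check_password("Summer2024!", previous=["Summer2023!"]))
    print(check_password("correct-horse-battery-staple"))       # []
```

The normalization step is what catches "Summer2023!" being replaced by "Summer2024!": both reduce to the core "summer", so the change is reported as a reused variant rather than accepted as a new password.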
Check for breaches
Check if your account has been part of any known breaches. This can be checked on sites such as Have I Been Pwned?.
If credentials are found to be part of a breach, the user needs to secure the account in question: reset the password, reset the backup security questions and one-time backup codes, check for and remove any forwarding rules, and otherwise secure the account and any other linked accounts, whether they are linked via a shared password or something else.
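Have I Been Pwned also publishes its Pwned Passwords data behind a range query that never receives the password itself: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and matches the remaining 35 characters locally against the returned list of `SUFFIX:COUNT` lines. The article only mentions the account search; the code below is an added example of that password-side check, not code from the article or from Have I Been Pwned. The network call uses the public `https://api.pwnedpasswords.com/range/` endpoint; the sample response and the count `12345` are constructed so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the password as upper-case hex, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = sha1_hex_upper(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank lines are ignored."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """Number of times the password appears in the breach corpus (0 if unseen).
    fetch_range(prefix) must return the response body for that prefix."""
    prefix, suffix = split_for_range_query(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Real range query; only the 5-character hash prefix leaves the machine."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline stand-in for the API. SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so the suffix below is the real one
# for that password; the counts and the other suffix are made up for the example.
_FAKE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\n"
        "00000000000000000000000000000000000:2\n"
    ),
}


def fake_fetch_range(prefix: str) -> str:
    return _FAKE_RANGES.get(prefix, "")


if __name__ == "__main__":
    print(breach_count("password", fake_fetch_range))                 # 12345
    print(breach_count("a-passphrase-nobody-has-used", fake_fetch_range))  # 0
```

Because only the five-character prefix is transmitted, the service cannot tell which of the several hundred hashes in that bucket the client was interested in; the suffix comparison happens entirely on the user's side.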
Engage in secure web browsing
Every user should make sure they engage in secure web browsing, especially when logging into accounts.
Check to make sure every website you interact with is secure. Depending on the browser, this may show up as a lock symbol next to the URL (Chrome) or https:// (Safari).
Consider a password manager
To avoid the dreaded fatigue of trying to remember so many different, regularly changed passwords, it is recommended to use some form of password manager.
There are various types and different vendors that people can utilise to strengthen security by generating and storing complex passwords for each site or application. Also evaluate the security of the password manager itself, due to the sensitivity of what is stored within it.
Reduce your apps
Another important consideration for users is that the number of apps they use and engage with can increase their risk of being hacked.
Everything is connected, so properly review the apps that are installed on devices from a security perspective and be equally careful with the web apps and sites that are used.
For every app that is not installed and every site that is not used, a user is reducing their attack surface. Do users really need to use a potentially risky web app to convert a Word file to a PDF or does Word have a native option to do that for the user? Yes, Word does. If installing an app on a phone that superimposes animal masks on your face, for example, does this app really need to access certain data on the user’s phone such as microphone, emails and address book?
Users should think about the permissions they grant to the apps they use before clicking ‘yes’.
Use multifactor authentication
As well as good password hygiene, other methods of security should be considered as well. Requiring a password plus one or more added credentials, also known as multifactor authentication (MFA), is a good way to prevent unauthorised account access.
These other credentials could include one-time passcodes or biometric information. However, just like passwords, MFA is just one cog in the cybersecurity wheel and there are different types of MFA that come with different levels of security.
Switch to passwordless
While passwords continue to be a common part of our daily lives in the digital world, many security experts still vouch for switching to a passwordless model.
Despite the continued reliance on the password model, move away from it. Password managers have grown in popularity, yet this model is still far from perfect. If your endpoint is compromised with a keylogger, a complex username/password will not help.
Instead of passwords, business leaders should work with their security and IT managers to implement and deploy high-assurance credential-based passwordless authentication that merges the power of digital certificates with smartphone biometrics to create an employee’s trusted workplace identity, wherever that workplace may be.
By eliminating the password, you effectively protect your organization from phishing attacks, which minimizes the risk of a data breach.
In partnership with the National Cybersecurity Alliance