Passwords are an everyday fact of life for all of us – both personal and business. To keep our information secure, we are being asked to create longer and more complex passwords everywhere, but what are the good password practices that you should use?
I wondered if I had previously written something about passwords, and I did: Password Security – make your passwords secure with these tips, back in 2021.
I think it’s now time for a 2023 update…
Characteristics of a Good Password:
The strength of a password is determined by its length, complexity, unpredictability, and variation. Let’s explore each of these options in detail.
Length
The longer, the better!
Passwords with more characters are harder to guess or crack using brute force attacks*.
The standard requirement for most passwords is a minimum length of 8 characters.
However, it’s recommended to use passwords that are 12 characters or longer.
Next time you have to create a password, stop and read the notes – you’ll see 8-12 characters on a lot of websites.
Longer passwords offer better protection against cyber-attacks, because they are harder to crack.
One option is to use three (or more) words as your password, or even make a phrase into your password (also known as a passphrase).
I do know of one company that requires a password of 21 characters – although they do use other biometrics (fingerprints, facial recognition etc) for daily logging in.
*A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks. The hacker tries multiple usernames and passwords, often using a computer to test a wide range of combinations, until they find the correct login information. From https://www.fortinet.com/resources/cyberglossary/brute-force-attack
Complexity
A complex password is one that contains a mix of uppercase and lowercase letters, numbers, and special characters/symbols.
For example, a strong password could be “P@$$w0rd”.
The use of special characters, numbers, and mixed cases increases the complexity of the password, making it harder to guess or crack.
Avoid using simple dictionary words or common phrases as they are easy to guess or predict.
Tip
Don’t put the capital at the beginning of the word.
Unpredictability
A good password is unpredictable. Avoid using information that is easy to guess or can be found online.
For example, using your name, date of birth, or pet’s name as a password is not a good idea.
Instead, use random combinations of letters, numbers, and symbols that have no connection to you or your personal information.
Of course it does need to be something that you will remember and be able to type in!
Variation
Using the same password for multiple accounts is not a good practice – actually it’s really bad.
And this includes the same password and just changing the number at the end!
If one of your accounts gets hacked, the attacker can use the same password to access other accounts.
Instead use a unique password for each account.
A password manager can help you keep track of multiple passwords.
Note: Password managers are the next blog post topic.
Common Password Mistakes
Here are some common password mistakes to avoid:
Using easily guessable information: Avoid using information that can be easily guessed or found online, such as your name, date of birth, or pet’s name, favourite items (holidays, brands, etc), in fact anything that could be found in your social media.
Repeating the same password: Using the same password for multiple accounts is risky. If one account gets hacked, the attacker can use the same password to access other accounts.
Using personal information: Avoid using personal information, such as your family names, phone number, or address, as a password. This information can be easily found online and can be used to guess your password.
Writing down passwords: Writing down passwords on a piece of paper or saving them in a document on your computer or phone (without a password) is a bad idea. If someone gains access to the paper or computer, they can easily access your accounts.
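The mistakes above (reuse, the same password with only the number at the end changed, short passwords, personal information) can be checked mechanically. The following is an added example, not part of the original post: a Python sketch that audits an account-to-password mapping you supply yourself. The names `audit`, `base_form`, `SAMPLE_VAULT` and `PERSONAL_TERMS` are assumptions of this example, the sample data is constructed, and the 12-character threshold is the recommendation from the Length section.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # recommended minimum from the Length section


def base_form(password):
    """Lower-case and drop trailing digits/symbols, so that
    'Summer2022' and 'summer2023!' reduce to the same base."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def audit(vault, personal_terms):
    """Return {account: sorted findings} for a {account: password} mapping.
    Accounts with no findings are left out of the result."""
    findings = defaultdict(set)
    by_exact = defaultdict(list)
    by_base = defaultdict(list)
    for account, pw in vault.items():
        by_exact[pw].append(account)
        by_base[base_form(pw)].append(account)
        if len(pw) < MIN_LENGTH:
            findings[account].add("too-short")
        if any(term.lower() in pw.lower() for term in personal_terms):
            findings[account].add("personal-info")
    # Identical password on more than one account.
    for accounts in by_exact.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].add("reused")
    # Different passwords that differ only in the trailing digits/symbols.
    for base, accounts in by_base.items():
        if base and len({vault[a] for a in accounts}) > 1:
            for account in accounts:
                findings[account].add("near-duplicate")
    return {account: sorted(tags) for account, tags in findings.items()}


# Constructed sample data for illustration only.
SAMPLE_VAULT = {
    "email": "Rover2022",
    "bank": "Rover2023!",
    "shop": "P@$$w0rd",
    "forum": "P@$$w0rd",
    "work": "correct-horse-battery-staple",
}
PERSONAL_TERMS = ["rover"]  # e.g. a pet's name

if __name__ == "__main__":
    for account, tags in audit(SAMPLE_VAULT, PERSONAL_TERMS).items():
        print(f"{account}: {', '.join(tags)}")
```

Run it only on a machine you trust and never save real passwords into the script itself.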
Tips for Creating Good Password Practices
Creating and managing strong passwords can be challenging. Here are some tips to help:
Use a password manager: A password manager is a software tool that helps you create and manage strong passwords. It stores all your passwords in an encrypted database, and you only need to remember one master password to access them.
Use a passphrase: Instead of using a password, you can use a passphrase. A passphrase is a sequence of words that are easy to remember but hard to guess. For example, “mydogisverycute” is a passphrase that is easy to remember and harder to guess than a single word password.
Regularly update your passwords: It’s essential to regularly update your passwords to keep them secure. Experts recommend changing passwords every three to six months.
Avoid reusing old passwords: When updating passwords, avoid reusing old passwords. Use a unique password for each account.
Enable two-factor authentication: Two-factor or multi-factor authentication adds an extra layer of security to your accounts. It requires you to provide two forms of identification to access your account, such as a password and a verification code sent to your phone.
More and more companies are offering additional authentication. If it’s available, then I recommend setting it up. It might be a pain to have to enter more information, but “better safe than sorry”!
A Password for Each Account
(I know that I’ve already said this, but it is really important!)
As I said in a previous post (Let’s Talk Basic Cyber Security Essentials), once these people have a password of yours, they will search for other sites that you have an account with and try the password that they have, in the hopes that you’ve used it, or something similar before.
Solution – have a different password for each account.
This way if one password is revealed, it won’t affect any other account.
Check Passwords Through Your Web-Browser
If you store passwords in your web-browser (and who doesn’t), then you can also take advantage of a built-in option to check your passwords to see if they have been
Google Chrome
Microsoft Edge
Final Thoughts
Using strong passwords is crucial in protecting your personal and business accounts from cyber-attacks.
A good password should be long, complex, unpredictable, and varied, although you do need to be able to remember and type it.
Avoid using easily guessable information, repeating passwords, using personal information, and writing down passwords.
Instead, use a password manager, use a passphrase, enable two-factor authentication, and regularly update your passwords.
By following these tips, you can ensure that your online accounts are well protected.
Next Steps
Take a look at your passwords – yes all of them!
If some of your passwords don’t follow these suggestions, then don’t delay – update your passwords today following these good password practices.
Remember, a good password is the first line of defense in protecting your online identity.
Other Data Security Posts
Let’s talk basic cyber security essentials
How to stay safe from email scams
What are good password practices? (current post)
Do you really need a password manager?
How many email addresses do you need?