How to Manage Your Passwords

Best practices for creating and storing passwords keep changing, since companies face new threats on a regular basis. What is today’s advice for balancing convenience and security when managing your passwords?

Creating Secure Passwords

Here are our current tips for keeping your passwords both secure and convenient.

Every Password Should Be Unique

Every website you log into should have a strong, unique password. 

Many of us take shortcuts and don’t follow password best practices because managing complex passwords across all of our accounts can be challenging.

Why are unique passwords important?

Let’s say your child’s school has a portal where you can log in and check your child’s grades, homework and upcoming calendars.

Then some nefarious evildoer finds that the school’s security is lacking.

They gain access to all the parents’ email addresses and passwords. 

The evildoer may do nothing directly with your data; however, they are likely to sell it on the dark web to other evildoers.

They may attempt to log in to popular shopping and banking sites. They may try the same login information on your email provider and gain access to your emails. 

Now they can see everything you do in your life. 

You shop at this website… you bank at that one. Once they have access to your email they can just click the “Forgot Password” link and use the resulting email to reset the password to whatever they like.

How Important are Complex Passwords?

It is still important to ensure that each of your passwords is strong.

We recommend using a passphrase if it is supported. A passphrase is an easy-to-remember collection of words that is long enough to not easily be hacked but simple for you to type in and remember. “My funny friend Julie is certainly a silly goose” would be an example.

If you are not able to use a passphrase, use all of the options below to make sure your password is strong:

  • Uppercase characters
  • Lowercase characters
  • Numbers
  • Special characters, such as exclamation points, dashes, hashes, colons, semicolons or periods
  • At least 12 characters; this exponentially ups the time it would take a dedicated computer to hack it (as long as the password follows the best practices above)
  • Don’t use: real words (unless it is a nice long passphrase!) or a predictable formula, such as using a zero instead of an “o”.

Everyone knows they should have secure passwords, but it’s inconvenient. You might think, “If I memorize one super secure password and use it everywhere, that will work, right? Nobody would guess this password, and I could never keep track of dozens of passwords anyway!”

Passwords are not usually guessed or “cracked” anymore… they are stolen.

Passwords can be stolen from an unprotected database or via malware that contains a keystroke logger.  In any event, it doesn’t matter how complicated or super-secret your password is if it is not secured by the website or application storing it.  Do you trust that every website you go to has the very best, un-hackable security measures?

Using a password manager can help you maintain unique and complicated passwords for every login.

Using a Password Manager

Many password manager programs are free and will automatically generate secure passwords for you. By using one of these programs, you can select one strong but easy-to-remember password or passphrase that will unlock the rest of your passwords.

Best of all, password managers do a great job of making password security more convenient.

They take a little effort to set up, but they are worth the time investment. Once all of your passwords are imported, the password manager does an audit, scanning for duplicate or insecure passwords.
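The kind of audit described above, sketched as an added example (not code from this article or from any password manager): it flags reused passwords and passwords that fail the checklist given earlier. The vault entries are constructed samples, and the passphrase rule (four or more words, 20 or more characters) is an assumption.

```python
import string
from collections import defaultdict

# Constructed sample vault export (site, password); not real credentials.
VAULT = [
    ("school-portal.example", "Sunshine#2020x"),
    ("shop.example", "Sunshine#2020x"),
    ("bank.example", "tR7!vq2#Lm9&Zp"),
    ("forum.example", "kitty12"),
    ("mail.example", "My funny friend Julie is certainly a silly goose"),
]

MIN_LENGTH = 12  # the article's minimum for non-passphrase passwords


def weaknesses(password):
    """Return the checklist items from the article that this password fails."""
    # Assumption: four or more words and 20+ characters counts as a passphrase.
    if len(password.split()) >= 4 and len(password) >= 20:
        return []
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 12 characters"),
        (any(c.isupper() for c in password), "no uppercase character"),
        (any(c.islower() for c in password), "no lowercase character"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [problem for passed, problem in checks if not passed]


def audit(vault):
    """Return (groups of sites sharing one password, {site: failed checks})."""
    sites_by_password = defaultdict(list)
    for site, password in vault:
        sites_by_password[password].append(site)
    reused = [sorted(sites) for sites in sites_by_password.values() if len(sites) > 1]
    weak = {site: weaknesses(pw) for site, pw in vault if weaknesses(pw)}
    return reused, weak


if __name__ == "__main__":
    reused, weak = audit(VAULT)
    for sites in reused:
        print("Same password reused on:", ", ".join(sites))
    for site, problems in weak.items():
        print(f"{site}: {'; '.join(problems)}")
```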

Here are a few password managers we recommend:

  • LastPass is a secure password manager that stores all of your usernames and passwords for use on your desktop, laptop, tablet, or phone. LastPass creates new passwords, shows you how strong they are, stores PIN codes and member IDs and completes your personal information on the websites you visit. LastPass has free and paid plans.
  • 1Password is a password manager, digital vault, form filler and secure digital wallet. It remembers all your passwords for you to help keep account information safe. It also works on all devices and has affordable plans with a 30-day free trial.
  • KeePass is a free open source password manager for use with Windows. It stores the passwords on your local machine using secure encryption (meaning someone who stole the machine would not be able to access the information). This is a great option for Windows users who do not want to use a cloud-based solution.

Never Use Autofill

Many people enjoy the convenience of browser features that automatically complete the user name and password on a website, not to mention other personal information, credit card numbers and security codes. The problem with this is that the data in the browser is stored as text. So, if your computer is infected or your account is compromised, hackers will have access to your passwords.

We recommend never using the autofill feature unless it is through a password manager that will encrypt your login information.

Well, what happens if the password manager gets hacked?

While LastPass and other password managers have all of your passwords, it is all encrypted and they do not store—or even keep—the key to decrypt the data. Only the user has the decryption key. A password manager is the most secure way to manage your passwords.

Always Use Multi-Factor Authentication (MFA)

You should take advantage of multi-factor authentication (MFA) or two-factor authentication (2FA – a subset of MFA) whenever it is available. MFA requires more than two pieces of evidence that you are the owner of the account; 2FA requires two, such as your password and a code sent to your mobile device.

The “evidence” used in MFA may include:

  • Your password
  • Codes sent via text message
  • Email verification
  • Phone verification
  • Soft token used for single use login
  • Hard token or physical device such as a security card
  • Biometrics, such as fingerprint, facial and voice recognition

No system is infallible; however, requiring the added protection of MFA or 2FA to log into your accounts makes it that much harder for hackers to gain unauthorized access to your data.

Never Share Your Passwords

The moment you share your credentials, your account is no longer secure, and you may be providing access to way more than you intend. The other party may store your password in an insecure location, and will probably not have the same level of interest you do in keeping your account secure. Any actions they take will reflect on you.

Don’t share your login information with anyone—ever, even if it’s someone you trust!

Be Aware of Data Breaches

Do Hackers Have Your Passwords?

Websites like haveibeenpwned.com can help you learn if your passwords have been compromised. This site tracks down data breaches, verifies whether they are legitimate and can be set up to notify you if your data has been compromised.

However, not all companies report, and not all companies know they’ve been hacked.

It may even take years for a company to learn they have been hacked.

Password managers are also working on paid services that would search for your passwords on the dark web to see if they have been compromised. This is done now to some extent, but the additional services aim to search for breaches that have not been reported.

Update Your Passwords Periodically

How Often Should You Update Your Passwords?

When you are using a password manager, this becomes less critical: you do not even need to know your passwords, because your password manager knows them. If you need to know the password, you can log in and get it. Some password managers enable you to change all passwords at the click of a button. The password manager will log into the websites and change the passwords for you (however, not all websites allow this).

It is generally recommended to change your password frequently (such as every 3-6 months) if you are not using a password manager.

However, it is never a good idea to use iterations of the same password when you do change them. Using “spring2019” and changing it to “spring2020” opens you up to very sophisticated, automated attacks. Once they have a password for one site from a data breach, these bots will rapidly try different iterations at other major sites like banks and retailers.
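A check for this kind of reuse, as an added example (not code from this article): it reduces each password to its base word and rejects a new password whose base matches an earlier one. The substitution table, the 0.8 similarity threshold and the sample passwords are assumptions.

```python
import difflib
import re

# Look-alike substitutions undone before comparing. Assumed list; the article
# names zero-for-"o" as one predictable formula.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def skeleton(password):
    """Reduce a password to its base letters so variants compare equal."""
    # Drop leading/trailing counters, years and symbols ("spring2019", "2020!").
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password).lower()
    # Undo substitutions inside the word, then keep letters only.
    return re.sub(r"[^a-z]", "", core.translate(LOOKALIKES))


def is_iteration(old, new, threshold=0.8):
    """True if `new` looks like a small variation of `old`."""
    a, b = skeleton(old), skeleton(new)
    if not a or not b:
        return False  # nothing left to compare (for example, digits only)
    if a == b:
        return True
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def first_conflict(new, history):
    """Return the earlier password that `new` is an iteration of, or None."""
    for old in history:
        if is_iteration(old, new):
            return old
    return None


if __name__ == "__main__":
    history = ["spring2019", "P@ssw0rd!23"]  # constructed samples
    for candidate in ["spring2020", "Spr1ng2021!", "tR7!vq2#Lm9&Zp"]:
        print(candidate, "->", first_conflict(candidate, history))
```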

How Affinity Helps Secure Your Passwords

Implementing a smart password strategy that ensures all employees use strong passwords is part of the bigger security plan we provide at Affinity.

In addition to delivering IT support when something isn’t working properly, we provide strategic expertise that supports your goals and ensures your business continuity and security.

Is your company’s password policy weak? Do you even have one? Affinity can help your team be as secure as possible across the many accounts they manage day to day. 
