02.09.22

5 Password Security Best Practices

For every account, there is a password.

The trouble is, you probably have a lot of accounts. In an increasingly digital world, people are signing up and assigning passwords like never before. But if someone gets hold of one of your passwords, your personal information, finances or data could be at risk.

In fact, according to Verizon’s recent Data Breach Investigations Report, compromised passwords are the cause of 81% of hacking-related security breaches.

With so many to hold onto and keep track of, it’s no wonder that most people let their password security upkeep fall through the cracks. So, what can you do to make sure your passwords are in safe hands? Here are a few best practices to be aware of in 2021.

Follow our password security best practices to ensure your passwords can’t be compromised.

Significantly longer passwords are the way of the future

For a long time, you were probably told to make your passwords more complex. That method worked for a while. Today, hackers are more skilled and specialized, and complexity alone no longer stops them.

This is why the National Institute of Standards and Technology (NIST) recently updated their guidelines to emphasize password length instead. Password-cracking tools have a much easier time with shorter passwords, even if they’re very complex. This is because longer passwords inherently have far more permutations, or possibilities, to sort through.

Use multi-factor authentication whenever possible

Multi-factor authentication (MFA) is a technology that is designed to require two or three points of independent authentication. In other words, MFA uses a system where passwords are not enough for entry.

The system requires an additional method: either a security token, like a code, or biometric authentication, like a thumbprint. Smartphones, for example, often use all these methods in combination. MFA provides an added layer of security to your accounts so that even if a password is compromised, your data may still be safe from hackers.

Never reuse passwords

One of the biggest mistakes you can make is reusing passwords. If one of them is stolen, you risk jeopardizing every other account that uses the same password.

As many as 66% of people reuse passwords across multiple accounts, according to research by Google and Harris Poll. By simply using unique passwords and never doubling up, you can avoid ever allowing one security breach to roll over into another.

Don’t use personal information

With so much personal information already readily available, you’re better off not putting any in a password. Otherwise, you risk making an attacker’s job much easier when attempting to crack into your account.

Generally, the same goes for password hints. You are better off not putting any personal information in any hints, either, for the very same reasons. NIST, in fact, also warns against these practices in their updated guidelines.

When you change a password, change it entirely

Too often, when somebody is prompted to change their password, they hardly change it at all. Instead of setting a completely new word altogether, they’ll simply change or add a number at the end.

“Password1,” as it turns out, meets most complexity requirements that currently exist. Remember, length and distinction are far more important than ease or memorability.
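The length, reuse, personal-information and change-it-entirely practices above can be combined into one password-change review. This is an added example, not code from the original article; the 15-character minimum, the 0.6 similarity cutoff, the function names and the sample passwords are assumptions made for illustration.

```python
import math
import string
from difflib import SequenceMatcher

MIN_LENGTH = 15       # assumed policy value; the article gives no number
MAX_SIMILARITY = 0.6  # assumed cutoff for "changed entirely"

def search_space_bits(password):
    """Upper bound on brute-force work: length * log2(size of alphabet in use).
    Only meaningful for randomly chosen characters; dictionary words score lower."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def review_change(new, old, personal_terms, other_passwords):
    """Return a list of findings; an empty list means the change passes.
    old is what the user typed to authorize the change; other_passwords would
    come from the user's own vault (both held only in memory here)."""
    findings = []
    low = new.lower()
    if len(new) < MIN_LENGTH:
        findings.append("too short")
    if new in other_passwords:
        findings.append("reused on another account")
    if any(len(t) >= 3 and t.lower() in low for t in personal_terms):
        findings.append("contains personal information")
    # Catches "Password1" -> "Password2": nearly every character is unchanged.
    if SequenceMatcher(None, old.lower(), low).ratio() > MAX_SIMILARITY:
        findings.append("too similar to previous password")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw in ("P@5w0rd!", "paintedlanternriverstone"):
        print(pw, round(search_space_bits(pw), 1), "bits")
    print(review_change("Password2", "Password1", ["Rex", "2015"], {"Summer2021!"}))
```

The short, complex sample scores far fewer bits than the long lowercase one, which is the length-over-complexity point made earlier in the article.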

With so many passwords, keeping them all secure is no easy task. But if you follow these best practices, you’ll be well on your way to digital security.

For more information about keeping your data secure, check out our Total Defense Security blog or contact us to speak with an expert.