Simeio

Many users dislike passwords, finding them aggravating and tedious. In the face of developments like Zero Trust and Adaptive MFA, the days of passwords may be numbered. However, at present the standard of cybersecurity starts with passwords, and the issue of passwords as a vulnerability remains. If you use logical policies, governance, technology and products, you can ensure the usage of safer passwords driven by security-minded principles.

Given the fact that passwords are a necessary evil, the following 10 tactics enable safer passwords and strengthen the risk posture of your Identity Management.

10 Tips for Safer Passwords

1. You must be aware if your password has been compromised, or “pwned.” You can find out if your passwords have been the victim of a breach at https://haveibeenpwned.com/Passwords. Also, don’t respond to anything that looks questionable or that might be a phishing attempt! Any email asking you to click on a link and enter account information is always suspicious.

2. Use a passphrase, not a password. “To be or not to be” is better than “Hamlet.” You can also use several random words of different lengths, like XrayYellowZebraHelicopter.

3. 2Bor!2b? is also good, and it follows an obsolete but still widely enforced standard for strong passwords: 8 characters, with 1 upper case, 1 lower case and one non-alphanumeric character.

4. Stop changing your password every 90 days. A strong password that you easily remember should last a long time. Scheduled password changes are an invitation to iterative passwords, which are problematic. However, if the password is compromised, it should be changed immediately.

5. It is OK to write your passwords down. But not on a yellow post-it stuck to your monitor or under the keyboard. And never do so in a public place, including your office. Put them somewhere safe like a notebook or journal stored away from your computer.

6. Passwords should be unique to every site you visit. Reusing the same password for your financial information on a social media site isn’t safe.

7. A password manager helps keep track of multiple unique passwords. Password manager software stores and manages online credentials within an encrypted database. Additionally, the manager locks the sensitive data behind a master password.

8. Stop using passwords and use biometrics instead! Passwords are a weak link in a cybersecurity defense. Biometrics, on the other hand, provide unique credentials. Because your body serves as the key (fingerprint, facial, etc.), these credentials cannot be duplicated.

9. Multi-factor authentication, or MFA, is a password paired up with another verification code that can be sent to you via email, SMS, phone or even an app on your smartphone. It can even work without the password, with just the verification code or one-time password.

10. Let your browser pick one! Most of the major browsers will suggest a password that’s almost impossible for you to remember. As long as you access that site with the same browser on your computer or have it linked across all of your devices, it works great. Just remember that like a password manager, the password securing your computer has to be strong.

Achieve Password Security through Intelligent Identity Management

Passwords will provide bad actors with an ongoing source for their malicious activity for the foreseeable future. As you can see, there are many ways to manage passwords and methods to ensure protections. Hopefully the suggestions above will help increase awareness of the need to protect credentials and provide some helpful guidelines to help keep your information safe.