
Adelia Risk’s Mega Awesome Password Guide for 2021

Confused about password security? You’ve come to the right place.

There’s a reason for strong password requirements. Sometimes a password is the only barrier between a hacker and your email, banking, or social media account. This means it is critical to use good password habits. You don’t want your private information or finances in the wrong hands.

This big password guide will address some of the common questions we get all the time. What are password best practices? Why is password recycling such a bad thing? Do I need to use multi-factor authentication? What about password managers?

Add your questions to the comment box at the end of this article. We’re happy to help!

Password Best Practices

Overall, we recommend using the following guidelines when creating a password. These recommendations hold true for every type of account: email, banking, social media, Amazon, Walgreens, whatever:

Guidelines

- Length and mix: 12 character minimum, with a mix of upper case, lower case, numbers and symbols
- No personal info: don’t use personal information such as your initials, child’s name, pet’s name or street name
- No patterns: don’t use sequences or keyboard patterns like 123, abcd, qwerty, asdfgh
- Un-guessable: don’t use passwords that someone else could guess, like password123, yourname123, admin

Password Tricks

- A lyric from a song or poem: WhatDoesThe-Fox-Say?29
- A meaningful quote from a movie: LukeI-Am-YourFather9
- A series of words that are meaningful to you: Blue25Lipstick-8Oven
- An abbreviation: Mpia,dyt734? (My password is awesome, don’t you think?)
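To make the guidelines above concrete, here is an added example (not code from the article) of a checker that applies them: minimum length, character mix, personal-info substrings, sequences and keyboard patterns, and a small constructed blocklist of guessable passwords. The four "password tricks" above all pass it.

```python
from string import ascii_lowercase, ascii_uppercase, digits, punctuation

# Constructed blocklist of guessable passwords; a real check would use a
# large breached-password list, but the idea is the same.
COMMON_PASSWORDS = {"password", "password123", "admin", "letmein", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def has_char_sequence(pw, run=3):
    """True if `run` adjacent characters step up or down by one (123, abcd, cba)."""
    for i in range(len(pw) - run + 1):
        codes = [ord(c) for c in pw[i:i + run]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_keyboard_pattern(pw, run=4):
    """True if `run` adjacent keys from one keyboard row appear (qwerty, asdfgh)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def check_password(pw, personal_info=()):
    """Return the guideline violations for pw; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = (ascii_uppercase, ascii_lowercase, digits, punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing upper/lower/digit/symbol mix")
    for item in personal_info:
        if item and item.lower() in pw.lower():
            problems.append(f"contains personal info '{item}'")
    if has_char_sequence(pw) or has_keyboard_pattern(pw):
        problems.append("contains a sequence or keyboard pattern")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly guessed password")
    return problems


if __name__ == "__main__":
    for candidate in ["WhatDoesThe-Fox-Say?29", "Password2021", "password123"]:
        print(candidate, "->", check_password(candidate) or "OK")
```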


Password Recycling

What is password recycling? It’s something you may be doing right now. And you need to stop as soon as possible! This password guide would not be complete without mentioning password recycling.

Password recycling is using the same or very similar password on different platforms (Password1, Password2, Password3, etc.).

Passwords need to be unique - and simply adding a 1 or a 2 at the end does not make them unique.

If a hacker has your password, and you use the same password across multiple platforms, it means they could access your other accounts! In a recent PC Mag survey of 1,041 adults, 70% of respondents admitted to reusing passwords. Yikes! Don’t do that.

Every account needs a unique, strong password. Period.
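An added example (not from the article) of how "Password1 / Password2" style recycling can be spotted in a list of accounts: strip the case and the leading or trailing digits and symbols people bolt on, then group accounts whose passwords share the remaining stem. The sample vault is constructed for the demo.

```python
import re
from collections import defaultdict


def password_stem(pw):
    """Lowercase the password and drop leading/trailing digits and symbols,
    which is exactly the 'variation' that makes recycled passwords look unique."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())


def find_recycled(accounts):
    """Map each shared stem to the accounts using it (only stems used more than once)."""
    groups = defaultdict(list)
    for account, pw in accounts.items():
        groups[password_stem(pw)].append(account)
    return {stem: names for stem, names in groups.items() if len(names) > 1}


# Constructed sample vault: three recycled variants plus two distinct passwords.
SAMPLE_VAULT = {
    "email": "Password1",
    "bank": "Password2!",
    "social": "password3",
    "shopping": "Blue25Lipstick-8Oven",
    "work": "WhatDoesThe-Fox-Say?29",
}

if __name__ == "__main__":
    for stem, names in find_recycled(SAMPLE_VAULT).items():
        print(f"stem '{stem}' is recycled across: {', '.join(names)}")
```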

Changing Passwords

Should you change your password every 30, 60, 90 days?

This is a question we hear quite often. We follow NIST’s guidance: do NOT change passwords on a schedule.

That’s right, NIST has published guidance explaining that forcing frequent password changes leads to bad password habits (like changing a password from password2020 to password2021).

A good, strong, unique password for each account is the way to go. No need to periodically change the password, unless you know the account has been compromised. Read on for more tips in our password guide.

Password Guide Tip: Use a password manager!

Creating unique and strong passwords for every account can be challenging. It would be impossible to remember all of those passwords. This is probably why most people use short, shitty passwords! They’re easy to remember (but also easy to hack!)

So what’s the answer? Use a password manager!

There are so many to choose from, and depending on your needs, a free one may work for you. And yes, we recommend a password manager for work AND personal accounts. Both types are worth protecting.

There are many benefits to using a password manager:

  • You only need to remember one master password to access your password vault
  • Browser extensions make it easy to save and update passwords
  • Warns you about compromised passwords
  • Makes it easy to create strong, unique passwords
  • Make sure you choose a password manager that stores encrypted data and not your encryption key - that way when (not if!) there is a breach, hackers only get encrypted data

There are so many articles on comparing password managers. Do a quick Google search and you’ll see what I mean! Please do some more research to figure out what’s best for you and your business. 

Top 12 Password Managers

- Keeper - Best for secure cross-platform password management
- Dashlane - Best for security-focused extras
- LastPass - Best for ease of use
- Bitwarden - Best free password manager
- LogMeOnce
- Password Boss
- NordPass
- 1Password
- RoboForm
- Sticky Password
- McAfee True Key
- Zoho Vault

(source: PC Mag)


Free browser password managers: a good idea?

Most popular browsers offer their own password manager. Chrome, Edge, Safari and Firefox all have built-in password managers. But should you use them? Free is good, right?

There are benefits to using a browser password manager: convenience, no cost, ease of use. 

But third-party password managers work a little better. They are designed to work in any browser (rather than tying you to Chrome just to use Chrome’s password manager) and have additional features you may need in your personal or professional life, such as securely sharing passwords or reminders to change out old passwords. Plus, good password managers let you set up MFA to add another level of security for your vault.


More protection: multi-factor authentication (MFA)

Ok, so you have strong, unique passwords for all of your accounts.

Guess what, you need to add another level of protection. Why? Because hackers can still get hold of your strong, unique passwords: data breaches are unfortunately a pretty common occurrence.

So what can you do? Use MFA.

MFA stands for multi-factor authentication. This is sometimes referred to as 2-step verification or 2-factor authentication. It means there is an extra step to prove you are actually logging into your accounts.

When you set up MFA for your email, what happens is you will log in with your username and password, and then you will receive a code on your phone (either via SMS or authenticator app - explained below). This means a hacker will need your username, password AND phone to access your account.

If your email provider or bank does not offer MFA, we recommend switching. These are two types of accounts that absolutely need this extra layer of protection.

And absolutely, please for the love of all that is holy, turn on MFA for your password manager!!!


Authenticator app vs. SMS

You can set up MFA through a few different methods. Most commonly, you can choose between SMS/texting and an authenticator app (Google Authenticator, Microsoft Authenticator and Authy are common authenticator apps).

When you set up MFA, you should also make note of any backup codes in case YOU lose or break your phone and need to access your accounts. 

So is one method better than the other? 

Using an authenticator app is more secure, since you need the actual phone to access the app codes. Plus, the codes expire quickly and it’s faster (for you) to verify your identity and access your accounts.

Even though SMS authentication is not as secure, it is better than nothing!
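To show why authenticator-app codes "expire quickly" and need the phone itself, here is an added example (not from the article) implementing the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits) that Google Authenticator, Microsoft Authenticator and Authy use. The demo secret is the RFC’s published test key, not a real account’s secret; the base32 helper mirrors how apps are provisioned from a QR code.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 4226/6238 test-vector key, not a real secret.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=STEP_SECONDS):
    """RFC 6238: the counter is simply the number of 30-second steps since the epoch."""
    return hotp(secret, int(at_time) // step)


def seconds_remaining(at_time, step=STEP_SECONDS):
    """How long the current code stays valid; this is the countdown the app shows."""
    return step - int(at_time) % step


def verify(secret, code, at_time, window=1):
    """Accept the code for the current step or one step either side (clock drift),
    comparing in constant time; a code from two or more steps ago is rejected."""
    counter = int(at_time) // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def secret_from_base32(text):
    """Decode the base32 secret an app is provisioned with (spaces/padding tolerated)."""
    clean = text.replace(" ", "").upper()
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


if __name__ == "__main__":
    now = int(time.time())
    print("code:", totp(DEMO_SECRET, now), "valid for", seconds_remaining(now), "s")
```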

But isn't MFA a pain in the ass?

Sure, MFA requires an additional step. But using an authenticator app makes it easier and quicker. Plus, the hassle of using MFA pales in comparison to the huge pain in the ass you’ll be dealing with if a hacker gains access to your account.

Password Guide TLDR: Too Long Didn't Read

Password security is important. Sometimes a password is the only thing in between your data and a hacker. Using strong, unique passwords, along with multi-factor authentication and an organized password manager will help keep your accounts secure. We hope this password guide explained why and how to create strong passwords.

Need help with your organization’s cybersecurity? We can help! Contact us today.

Copyright 2021 Adelia Associates, LLC | All Rights Reserved