Categories: Cyber Risk

5 tips for better password security

With the rising threat of cybercrime, information leaks, and data breaches, protecting your business is vital and password security plays a key role. After all, a strong password is your first line of defense.

Despite the fact that 8 in 10 people say they’re concerned about the security of their online accounts, passwords that are weak, old, or repeated are still used. Year after year, cyber security companies report that most computer users are choosing the same weak passwords. In fact, an annual list of the most commonly used passwords in 2018 published by SplashData found that after evaluating over 5 million passwords that were leaked online in the last year, the two top slots were left unchanged for the fifth year in a row. The most commonly used password was “123456,” followed by “password.” The next five consecutive spots were other assortments of numbers (for example, “123456789” and “111111.”)

Most web services force their users to follow best practices by only allowing passwords with pre-set criteria or by analyzing passwords to see if they’re weak, fair, or strong. Most services require a password that’s at least eight characters long and contains an uppercase letter, a number, and a symbol. While these requirements are useful, simply changing your password from “password” to “Password1!” doesn’t solve the problem.

Below, we outline five tips to help you improve password security by generating stronger passwords.

1. Choose a strong password

Cyber criminals gain access to accounts or data through social engineering. This is because many of us naturally choose a password that personally relates to our lives. These types of passwords are easy for your friends and coworkers to guess, and something that cyber criminals may be able to find with some social media research.

Don’t choose passwords that include the name of your pet, car, kids, spouse, city you were born in, or your favourite sports team. For example, on SplashData’s 2017 list of the year’s worst passwords, “starwars” joined the list at number 16. A password related to common terms from pop culture can also be dangerous.

Hackers can also crack passwords through brute force, using tools that guess many combinations at once. Using passwords that are at least 12 characters long and have a combination of letters, numbers, and other characters can help make your passwords more difficult to crack.

2. Create a password you’ll remember

Many computer security companies offer websites or tools that can generate randomized passwords for you. While these passwords are much stronger and harder to crack, they can also be difficult to remember. Having a password that’s difficult to remember usually means you’ll have to change it again in the near future, or you’ll have to write it down somewhere near your computer. Neither of these situations are ideal.

If you want to create a password that’s easy to remember but hard to guess, try creating a password out of a phrase. Take a phrase that has meaning to you and use the first letter of each word to create the unique password. For example, the phrase “My dog is an 8-year-old black labrador retriever named Barkley!” would become the password “Mdia8yoblrnB!”

3. Use different passwords and change them often

Having a strong password that you’ll remember is the easy part. The hard part is creating unique and strong passwords for each of your different online accounts. If you use the same password for multiple online accounts, you’re putting yourself at risk (especially if you’re using the same password for your social media accounts as you are for online banking).

Having one account compromised could result in all your accounts being compromised. That’s why it’s important to create unique passwords for each account and change them often.

4. Be aware of password save features

Having a strong password means nothing if you’re leaving your login information saved for your favourite websites. Most websites allow you to save your login credentials or automatically log in so that you don’t have to enter your username and password every time you visit.

While this feature is convenient, it’s also risky. Never use this feature on a computer that’s shared with others, and even with your own computer, it’s best to avoid doing this when possible. And an added bonus: inputting your password every time you log in can also help ensure you don’t forget your password!

5. Be careful with password retrieval questions

Password security is vital, but it’s also important to think carefully about your answers to security questions asked when you create a new account. These security questions are used to verify your identification when you want to reset your password. Unfortunately, they’re often standard and similar across websites.

Questions like “where did you go to school?”, “where were you born?” or “what is your mother’s maiden name?” are easy to answer. They’re also relatively easy for cyber criminals to discover with a little social media research. If they can successfully answer these security questions, they could potentially reset your passwords and hijack your accounts.

When creating answers for security questions, try to come up with your own question rather than using the standard questions. That way you can use a question and answer that only you would know.

What type of insurance can help with cybercrime?

Even if you’re diligent about protecting your passwords and your accounts, password security can’t always stop things from going wrong. That’s why it’s important to be as prepared as possible.

Insurance can help protect your business should something go wrong. With our insurance coverage specifically designed to help protect against cyber attacks and the consequences of these events, Federated Insurance is dedicated to helping ensure your business doesn’t suffer a disastrous setback.

Visit our business insurance page today and find out more about how we can help you!

This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.

Share