A practical guide to taking control of your digital security
The truth about your passwords
We hear about data leaks and cybercrime so often we’re deaf to it. If you do not understand how to create strong passwords, you’re putting your business and data at risk.
How you create and use passwords matters now more than ever. You need a password strategy that makes hacking your data not worth a cybercriminal’s time.
When we talk about protecting your data from cybercriminals, we don’t mean there’s a human on the other end of the internet trying to guess your login. The reality is a bit more sinister.
Modern password cracking is often an automated process relying on specialized computer programs that make hundreds of thousands of password guesses per second. You read that right. Hundreds of thousands of guesses per second.
You’re not securing your data from humans, at least not directly. You’re defending your information against malicious computer programs.
With a little planning and diligence, you can win.
As they say, a byte of prevention is worth a gig of cure. That’s particularly true when creating smart, secure passwords.
Here’s how it’s done.
First, use a mix of characters
Most websites and apps require you to create a password combining letters (upper- and lowercase), numbers, and symbols. This increases the complexity of the password, making it more difficult to guess – even for a machine.
Explore your keyboard for obscure characters and mix it up with a variety of combinations.
Be sure to make it long
Using a mix of characters in your passwords is a good start, but longer equals more secure. Never shoot for the minimum. Every character you add to a password boosts security exponentially.
Use mathematical truth to your advantage by making your passwords a minimum of twelve characters. Do that, and your password will be better than most.
Test your password
Test your password strength with How Secure is My Password. Enter a password to see an estimate of how long it would take a computer to crack it. FYI this tool does not collect entered passwords.
Avoid patterns and make it random
A good password doesn’t follow a logical pattern. So-called “dictionary words” and meaningful phrases are inherently structured and often easy to crack.
Substituting certain letters with numbers (like the number zero instead of the letter “o”) is a popular and well-known practice. Avoid it. The same goes for using personally meaningful info like birthdays, pet names, nicknames, or sports teams in your passwords. If your password makes sense, keep trying.
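The rules above (length, character mix, no common or lightly disguised words) can be checked mechanically. The following is an added example, not part of the original guide: `audit`, the three-of-four character-class threshold, and the small `WORDS` list are assumptions made for illustration, while the `COMMON` set is the top-five list quoted on this page.

```python
import string

# The five most common breached passwords quoted on this page (NCSC, 2019).
COMMON = {"123456", "123456789", "qwerty", "password", "1111111"}
# Constructed stand-in for a real dictionary wordlist.
WORDS = {"dragon", "football", "monkey", "sunshine"}

# Well-known character swaps; undoing them exposes the underlying word.
UNLEET = str.maketrans("0134578@$!", "oieastbasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def audit(password, min_len=12):
    """Return the list of rules the password trips (empty list = none)."""
    findings = []
    if len(password) < min_len:
        findings.append("short")
    # Assumed threshold: at least three of the four character classes.
    if sum(any(ch in cls for ch in password) for cls in CLASSES) < 3:
        findings.append("few_classes")
    lowered = password.lower()
    # Drop digits/symbols padded onto either end, then undo the swaps.
    core = lowered.strip(string.digits + string.punctuation).translate(UNLEET)
    if lowered in COMMON:
        findings.append("common")
    elif core in COMMON or core in WORDS:
        findings.append("disguised_word")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("qwerty", "P@ssw0rd!", "Dr4g0n2019!!", "kV9#tq2LmZ!x4Rw$"):
        print(f"{sample!r:22} {audit(sample) or 'no rule tripped'}")
```

An empty result only means none of these rules fired; it does not prove the password is random. A word-based master passphrase is judged by length and randomness, so the character-mix rule is not meant for it.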
Don’t save it in your web browser
Many web browsers prompt you to save your logins. This seems convenient at first, but passwords saved in your browser are easy to access and exploit. It’s especially risky when using shared devices, or if the device itself is not protected with its own login.
Even though web browsers have gotten a lot better at securing passwords, this security is still tied to the user login. If someone has the login and knows where to look, they can access stored password information. This gives family members, roommates, hackers with remote access, and device thieves an easy way to scoop up your login credentials and wreak havoc.
If you’ve already stored some passwords in your browser, delete them. If you’re wondering where to put them, keep reading.
Use two-factor authentication
Two-factor authentication (or “2FA”) is a login method using a second layer of data security.
Along with your usual password, 2FA works by requiring a temporary PIN (often sent via text message or generated by an app like Google Authenticator). Even if someone has your login, they won’t be able to access your account without the PIN.
This method is especially useful because it alerts you when someone is attempting to use your login. Not every app and website offers 2FA, but use it whenever available.
Make every password unique
Create a different password for every app, website, and service you use. This prevents a compromised password from being used to access multiple sites.
At this point you’re probably thinking, This is impossible! How can I keep track of hundreds of passwords? Good question.
The solution isn’t keeping them in a notebook. (Writing a password anywhere is risky because it could be stolen or lost.) The answer isn’t using a spreadsheet, either.
If you take your cybersecurity seriously, your tool of choice should be a password manager.
Use a password manager
Password management apps have been around for years, but most people don’t know they exist. If you do know about password managers but aren’t using them, you’re missing out on serious productivity and peace of mind.
A password manager is like a bank vault for logins. Create a single password for the vault, and boom: quick access to your entire library. “One password to rule them all” is the brilliant simplicity of this system.
LastPass, Dashlane, and 1Password are all great password managers. Business plans range from $3 to $8 per user per month. They integrate with most web browsers, enabling quick and easy logins with a simple shortcut. You can also save new passwords and update old ones right from your browser.
At Exceed we use similar password management technology to manage and securely share passwords with our clients. Using a password manager saves you precious time and brainpower. It’s reassuring to know your data is protected with the latest security technology and only accessible by you.
Password managers also eliminate the guesswork of password creation by generating strong passwords for you. We recommend the 1Password Strong Password Generator. It’s free to use, and it comes built into the full 1Password app too.
How to create a master password
To use a password manager, you need a master password. This is the one and only “key” to the bank vault. And it works just like a unique, physical key: if you lose it, you lose access to the vault. There are no copies, and it can’t be recreated.
With this in mind, the strategy for creating a master password varies slightly from the tips outlined above. The reason is twofold: your master password needs to be both hard to crack and easy to memorize.
The best way to create a strong, memorable master password is to use a series of unrelated, random words. This is sometimes referred to as a “passphrase.” The 1Password Strong Password Generator includes an option to generate memorable passwords. Here’s a good example: bungalow-imperial-suitor-feebly. It’s random, long, and memorable (with a little practice).
It’s also advisable to write or print your master password on paper and store it somewhere secure like a safe or lockbox. Then you’ll have a backup if you ever forget it or someone else has to retrieve it.
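A random-word passphrase, and the earlier point that every added character raises security exponentially, can both be put into numbers. The following is an added example, not part of the original guide and not how any particular password manager works: the 16-word sample list is constructed, and the 7,776-word list size (a diceware-style list, 6^5) and the rate of 500,000 guesses per second are assumptions.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. It is far too small
# for real use; a real generator draws from a list of thousands of words.
SAMPLE_WORDS = ["anchor", "breeze", "candle", "dolphin", "ember", "falcon",
                "garden", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]


def passphrase(words, count=4, sep="-"):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Entropy when each of `picks` symbols is uniform over `pool_size`."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 500_000  # assumed guess rate, in guesses per second
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    cases = [("8 random lowercase letters", 26, 8),
             ("12 random lowercase letters", 26, 12),
             ("12 random printable characters", 94, 12),
             ("4 words from a 7,776-word list", 7776, 4)]
    for label, pool, picks in cases:
        bits = entropy_bits(pool, picks)
        print(f"{label:32} {bits:5.1f} bits  "
              f"{years_to_exhaust(bits, rate):.3g} years")
```

These figures hold only when every character or word is chosen at random; a phrase a person picks because it is meaningful has far less entropy than the formula suggests.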
Don’t change your password without good reason
If you create a strong, unique password and store it in a password manager with a strong and memorable passphrase, your work is done.
Under normal circumstances, you don’t need to change your password regularly. But there are exceptions. Here’s when resetting your password does make sense:
- A service you use announces their user data has been compromised
- You shared a password with a friend or coworker and they are no longer a friend or coworker
- There is unusual activity indicating an account may be compromised
- You find your information on the dark web (see the last page for more info on this)
Common cracked passwords
The UK’s National Cyber Security Centre analyzed 100 million passwords from data breaches in 2019 and found the top five most common passwords were: 123456, 123456789, qwerty, password, and 1111111.
Apply what you know, and win
Congratulations. You know more about passwords than 95% of small business owners. Now that you have a strategy and toolkit, the next step is to put your knowledge into action.
Leonardo da Vinci said it best:
“I have been impressed with the urgency of doing. Knowing is not enough; we must apply. Being willing is not enough; we must do.”
A robust password and management system is just one square of your data security quilt, but it’s a big one. Apply these password tips to sleep easier, avoid disaster, and thwart the bad guys (and bots).
We’re rooting for you.
Employee passwords are a best-seller on the Dark Web
Find out if your business has been exposed.