9 Practical Password Security Best Practices

Each new account, app, and device you add to your lineup brings yet another new password. Passwords defend against unauthorized access that can jeopardize your privacy and personal information, so following some basic password security best practices can help you keep your assets and identity safe.

What is password security?

Creating strong passwords and protecting them from being lost or stolen are important parts of password security, but they are only part of the story. Password security combines processes, policies, and tools to make our passwords and the authentication process more secure. Important aspects of password security include:

  • Following straightforward rules to make passwords stronger

A strong password is one that is at least 12 characters long, uses a combination of uppercase letters, lowercase letters, numbers, and special characters in a random order, and avoids using common phrases or sequential strings (like ABCD and 12345). A strong password also leaves out numbers or phrases that can be linked to your identity, like your name, address, phone number, or anniversary date.
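The rules in the paragraph above can be checked mechanically. The following Python sketch is an added example, not code from Dashlane or the original article; the common-phrase list, the four-character run threshold, and the function names are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 12
RUN_LENGTH = 4  # "ABCD" is the shortest sequential string the article names
# Constructed sample; a real check would use a large breached-password list.
COMMON_PHRASES = {"password", "letmein", "qwerty", "welcome", "iloveyou"}


def has_sequential_run(pw, run=RUN_LENGTH):
    """True if pw holds `run` consecutive ascending or descending letters or digits."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not (window.isalpha() or window.isdigit()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def _normalize(text):
    """Lowercase and drop separators so '555-0100' and 'Jordan Smith' still match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(pw, personal=()):
    """Return the rules from the article that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in pw),
        "lowercase letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if has_sequential_run(pw):
        problems.append("contains a sequential string")
    if any(phrase in pw.lower() for phrase in COMMON_PHRASES):
        problems.append("contains a common phrase")
    tokens = [_normalize(item) for item in personal]
    if any(len(t) >= 3 and t in _normalize(pw) for t in tokens):
        problems.append("contains personal information")
    return problems
```

Passing `personal=("Jordan Smith", "555-0100")` (constructed values) makes the checker reject passwords that embed either item, with or without separators.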

  • Preventing unauthorized access and data breaches

Protecting yourself, your information, and your company from data breaches is the most important benefit of password security. The best password practices can counteract hacking tactics used to steal or compromise data, including:

  • Phishing: A form of social engineering that uses misleading emails disguised as urgent requests from reputable companies to lure us into clicking on unsafe links. Phishing emails might also ask the recipient to reply with personal information like credit card numbers or passwords.
  • Brute-force attacks: A common hacking tactic that uses random combinations of usernames and passwords to attempt account logins until a match is found. Brute-force attacks have become more sophisticated as many hackers make use of computer automation and artificial intelligence to cycle through combinations more quickly.
  • Spyware: As a particularly malicious form of malware, spyware installs itself on your computer or device and monitors your online behavior, relaying personal information to an attacker without your knowledge or consent. Spyware can be difficult to detect, allowing information to be intercepted for long periods of time.

What is password hygiene?

The concept of hygiene implies good health, cleanliness, and regular maintenance. In cybersecurity, good password hygiene means strong password creation, safe password storage, and secure password sharing. Essentially, password hygiene requires an ongoing commitment to good password practices and continuous improvement.

9 practical password security best practices

Password management best practices combine proactive tools and habits that improve password health with password security tips on what to avoid. These nine password tips can take your cybersecurity profile and productivity to the next level.

What you shouldn’t do

  1. Don’t share passwords insecurely: Retail and subscription accounts like Amazon and Netflix are commonly shared among friends and family, and passwords for workplace applications are often shared among employees. If you share a password with someone who is impacted by cybercrime, you become vulnerable as well if the shared password is compromised and used to access your account(s), so it’s important to share passwords safely. This rules out sticky notes, texts, emails, and internally shared documents. Even communication platforms like Slack can be unsafe since the unencrypted information is stored for long periods of time and can also be exposed during a breach.
    The best password managers include secure password-sharing portals that enable you to share information without increasing your vulnerability.
  2. Don’t store passwords unencrypted: Unprotected password lists and spreadsheets can undermine your privacy and security. Encryption converts your passwords into a format that only authorized parties can read. Password managers like Dashlane use AES-256 encryption, widely accepted as the strongest encryption type available, to protect passwords before they are stored online.
  3. Don’t use browser-based password managers: Most browsers include built-in password managers that conveniently save and recall your passwords, usernames, and even credit card information. Unfortunately, this convenience can come at the expense of security since passwords saved in browsers aren’t typically protected with encryption. Instead, erase passwords saved on browsers and use a secure, personal password manager to create, store, and encrypt passwords.
  4. Don’t update passwords regularly: Aren’t frequent password changes a good idea? Not too long ago, password updates at preset time intervals were considered a wise security practice, but recent NIST recommendations point out the downside of these frequent changes. When our passwords are updated too frequently or at forced intervals, we often make only minor changes that hackers are likely to guess, or we simply reuse passwords for convenience.
    Even though periodic resets are no longer necessary, passwords should always be updated if they are impacted by a data breach or detected on the dark web. It’s also best to change your password if it’s shared insecurely or if you suspect any of your passwords have been otherwise compromised.
  5. Don’t reuse passwords: Reusing login credentials is a common practice that can also become a dangerous one. When you reuse passwords for multiple accounts, you diminish password security by exposing multiple accounts if even one password is lost or stolen. A password manager that provides a password health score helps you eliminate this habit by continually compiling lists of your weak, compromised, and reused passwords.
 

What you should do

  1. Make unique and secure passwords: Creating strong passwords means making them as random and unpredictable as possible so they will be less vulnerable to hacking and data breaches. Just a few additional characters can add years to the expected code-breaking time. The best way to strengthen and randomize new passwords is by using a trusted password generator.
  2. Use encryption: Hiding information in an unrecognizable format is a practice that dates back centuries and is also among the most secure password practices available. Scrambling passwords and other sensitive data through encryption makes them unreadable or unusable to hackers, which can lessen the impact of a data breach.
  3. Use a password manager: A password manager lets you implement password security best practices quickly and easily. Automated password generation features and secure, encrypted vaults for password sharing and storage protect your information from intruders. The best password managers turn frequent password resets and reliance on unprotected browser password managers into relics of the past.
  4. Use 2-factor authentication (2FA): 2FA uses a second credential, such as a code sent through an app, to confirm your identity. This makes it much more difficult for a cybercriminal to access your account. Multifactor authentication (MFA) takes this security practice to the next level by adding identifiers, like fingerprints or facial recognition, to the process. 2FA and MFA identifiers fall into three categories: knowledge, biometric, and possession.
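Item 1 of the list above recommends a password generator and notes that a few extra characters add years to the cracking time. The Python sketch below is an added example, not Dashlane's generator or code from the original article; the 94-symbol alphabet and the guessing rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable ASCII symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, for illustration only


def generate_password(length=16):
    """Draw each character from the OS CSPRNG; redraw until every class appears.

    Redrawing excludes the small share of candidates that miss a class,
    which costs a negligible amount of entropy at these lengths.
    """
    if length < 12:
        raise ValueError("the article's minimum is 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def years_to_guess(length, rate=GUESSES_PER_SECOND):
    """Expected years to find a random password: half the keyspace at `rate`."""
    seconds = len(ALPHABET) ** length / 2 / rate
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password())
    for n in (12, 14, 16):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"about {years_to_guess(n):.2e} years at the assumed rate")
```

Each added character multiplies the search time by 94, so going from 12 to 14 characters raises it by a factor of 8,836 regardless of the rate assumed.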

Source: Dashlane
