Use strong passwords. Hackers know how people pick passwords and are good at attacking them. For example, they know that if a password policy requires numeric characters, most people will place the number at the end. If a capital letter is required, most people capitalize the first letter. They also know that people use keyboard patterns (such as qwerty), dictionary words, birthdates, pet or spouse/children names, and other things that can be determined from social media sites.
Characteristics that make passwords strong, such as being long, random, and having multiple types of characters, also make them difficult to remember. For important accounts, such as online banking, the most secure password is a randomly generated one in conjunction with a password manager – see “Use a Password Manager” below.
If you need to pick a memorable password, consider a “passphrase” instead, such as:
- Trees are solar-powered green machines.
- There R 2 many choices 4 me!
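The predictable habits described under "Use strong passwords" can be checked mechanically before a password is accepted. The following is an added example, not part of the original page: a small checker that flags those habits. The function names, the labels, and the tiny word list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# and a breached-password list.
SAMPLE_WORDS = {"password", "summer", "dragon", "welcome", "football"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_keyboard_run(text, min_len=4):
    """True if text contains min_len adjacent keys from one row, either direction."""
    lowered = text.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in lowered:
                    return True
    return False


def predictable_patterns(password, personal_terms=()):
    """Return labels for the guessable habits found in password."""
    findings = []
    # Capital letter only in the first position.
    if password[:1].isupper() and not any(c.isupper() for c in password[1:]):
        findings.append("capital-first")
    # Digits appear only as one run at the end (optionally before symbols).
    if re.fullmatch(r"\D+\d+\W*", password):
        findings.append("digits-at-end")
    if has_keyboard_run(password):
        findings.append("keyboard-pattern")
    # Strip trailing digits/symbols, then compare the core to the word list.
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    if core in SAMPLE_WORDS:
        findings.append("dictionary-word")
    # Names and dates that could be collected from social media.
    lowered = password.lower()
    if any(term.lower() in lowered for term in personal_terms if term):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords; "rex" and "1987" stand in for a pet name and birth year.
    for pw in ("Summer2019", "Qwerty123!", "Rex1987", "v7#Lq2x!Rm9zT"):
        print(repr(pw), predictable_patterns(pw, personal_terms=("rex", "1987")))
```

An empty result only means none of these specific habits were found; it does not measure length or randomness.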
Use a different password for every site. Hackers know that many people use the same password for multiple sites. When a site is breached, the usernames and passwords are harvested and used against other sites. To protect yourself, you need to have a different password for each site.
Use a Password Manager. It is not feasible to remember dozens of different strong passwords. Web browsers helpfully offer to remember passwords for you, but do not always store them safely. Malware will search the browser to pilfer your passwords. Using a password manager will give you the highest level of protection by generating random passwords and safely storing them. Use a passphrase (as mentioned in the Use strong passwords section) to protect your other passwords. Some of the top password managers are listed below in no particular order:
- LastPass – https://lastpass.com/
- KeePass – http://keepass.info/
- 1Password – https://agilebits.com/onepassword
- Password Safe – http://passwordsafe.sourceforge.net/
Use 2-Factor Authentication (2FA) for important accounts that support it. Should your password be stolen or guessed, 2FA helps protect you by requiring an additional step for logging in, such as typing in an additional code texted to your cell phone or sent/generated by a mobile app. For more information on 2FA and how to enable it for popular online accounts, read this Lifehacker article.
For more information visit: http://itservices.tri-c.edu/