In today’s digital age, passwords have become an indispensable part of our online lives. With the increasing number of online accounts, the need for strong and unique passwords has never been greater. In 2023, the importance of password security has only intensified as cybercrime continues to grow and evolve. Multi-factor authentication and password managers have become increasingly popular as individuals and organizations seek to protect their sensitive information from hackers and other malicious actors. As we move forward into an increasingly digital future, the importance of strong and secure passwords will only continue to grow.
1. You’re probably using bad passwords:
Most websites now require at least one number and one special character. The most common number used is “1”, the most common special character used is “!”, and the most common location for both is at the end of the password.
That means if your password looks like “password1!”, you have one of the weakest passwords you could possibly have.
Beyond that, passwords built on the current year, or on years important to you that someone can find with a quick social media lookup, are also weak, because they are relatively easy for a person who has done their research to guess.
The general rule:
Don’t use anything that can be directly linked to you or your business as a password. Such details may be easy for you to remember, but they’re also easy to guess.
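As an added example (not part of the original article), here is one way a signup form or password audit could flag the patterns described in this section: numbers and symbols tacked onto the end of a word, the "1" and "!" defaults, years, and terms tied to the account owner. The function name and the `personal_terms` parameter are hypothetical.

```python
import re
from datetime import date

# A purely alphabetic base followed only by digits/symbols, e.g. "password1!"
TRAILING_SUFFIX = re.compile(r"^([A-Za-z]+)([\d\W_]+)$")
# Four-digit years from 1900 to 2099 anywhere in the password
YEAR = re.compile(r"(?:19|20)\d{2}")


def weak_password_reasons(password, personal_terms=(), today=None):
    """Return the reasons a password matches a weak pattern from this article.

    An empty list only means none of these patterns matched; it does not
    prove the password is strong.
    """
    today = today or date.today()
    reasons = []

    match = TRAILING_SUFFIX.match(password)
    if match:
        reasons.append("digits/symbols appear only at the end of a word")
        if set(match.group(2)) <= {"1", "!"}:
            reasons.append('suffix uses only the most common choices, "1" and "!"')

    for year in YEAR.findall(password):
        label = "the current year" if int(year) == today.year else "a year"
        reasons.append(f"contains {label} ({year}), which may be guessable")

    lowered = password.lower()
    for term in personal_terms:
        # personal_terms: names, business name, pets, etc. supplied by the caller
        if term and term.lower() in lowered:
            reasons.append(f"contains personal or business term {term!r}")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs
    for pw in ("password1!", "Acme2023", "ElectricMooseDanceSideways"):
        print(pw, "->", weak_password_reasons(pw, personal_terms=("acme",)))
```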
2. You’re probably making passwords harder on yourself:
Most web browsers now come with a built-in password manager, and if you’re using Google Chrome or Mozilla Firefox you can link those password managers across devices. If you want to go a step further, 1Password, LastPass, and several other dedicated password managers offer free tiers of their software that let you manage passwords across multiple devices and browsers, and even autocomplete passwords inside mobile apps. Plus, if you pay for premium services, you can even share passwords with other people, like web developers who need to log into your website to finish some work.
Gone are the days when you had to remember hundreds of passwords for hundreds of services. Use a password manager, let it generate unique passwords for each site you visit, and use the autocomplete to take the hassle out of the process.
The general rule:
When you share passwords with someone there are two things to remember. If they need to log in for the long term, make them their own account if you can. But if they need temporary access, share the password with them, and then change it as soon as they are done. If you are using a password manager, generating a new password should be as easy as clicking a button.
3. Passphrases are better for you and your security:
When you do have to come up with a password, your biggest defense is actually length. If you can avoid using something easily guessed, the only option a bad actor has is to use computer software to guess your password at random, a task that becomes exponentially harder with each additional character.
Do you remember the phrase “Please Excuse My Dear Aunt Sally” from school, or maybe “Every Good Boy Does Fine”? It turns out the human brain is really good at remembering sentences and phrases, especially if they have a strong cadence or are something we would never say in normal conversation.
So if you need a long password, and humans are good at remembering phrases, why not come up with something like “ElectricMooseDanceSideways” or “TheMoonTookTodayOff” and swap in your numbers and symbols as needed to fulfill your password requirements? Both passwords are more secure than 12-letter random passwords, and infinitely easier to remember.
This is especially worth remembering when setting the password for logging into your password manager, as it should be both a password you can easily remember and one that is as strong as possible.
4. Two-step authentication is best:
People are very good at making mistakes. No matter how careful we are, we will never be perfect, which is why it’s so important to have backup systems just in case.
In the case of passwords, the best backup system is two-step verification: the idea that if a new device logs into your account, you have to verify the login somewhere else, such as by email, text message, or an app. If you have access to it, set up and use two-step verification.
If you’re one of our web design/web development clients, your website already has Wordfence installed, which offers free two-step verification for your website. Facebook, Google, and many other websites offer it as well. Take advantage and get that extra peace of mind.
And finally, some general tips:
- Don’t re-use passwords across websites. Password managers make this easy.
- Check periodically to see if passwords you use have been compromised. The best service has a funny name and can be found at: https://haveibeenpwned.com/
- Try to avoid writing down passwords, but if you do write them down, keep them in a safe and private place.
- Make sure your email accounts have strong passwords, because anyone who gets access to your email can get access to most services linked to it.
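The compromised-password check recommended above can also be scripted. This added example (not part of the original article) uses the Pwned Passwords range API that Have I Been Pwned provides, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. The response used in the demo is constructed so the code runs offline; the count in it is made up.

```python
import hashlib
import urllib.request

# Range endpoint: append the first 5 hex characters of the SHA-1 hash
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Download all known hash suffixes for a prefix (needs network access)."""
    request = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "password-check-example"},  # hypothetical client name
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def breach_count(password, range_body):
    """Find our suffix in a range response made of "SUFFIX:COUNT" lines."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not found in known breaches


def constructed_response(password, count):
    """Build a fake range response for offline demos (constructed data)."""
    filler = "0" * 35 + ":3"  # unrelated entry, suffixes are 35 hex characters
    return "\r\n".join([filler, f"{split_hash(password)[1]}:{count}"])


if __name__ == "__main__":
    body = constructed_response("password1!", 1234)  # made-up count
    print(breach_count("password1!", body))           # listed in the sample
    print(breach_count("TheMoonTookTodayOff", body))  # not listed in the sample
```

For a live check, pass `fetch_range(split_hash(password)[0])` as `range_body`; the password and its full hash never leave your machine.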
Hopefully these tips have helped you out, and we can all get back to business as usual, but you should rest assured that if the worst does happen LVL UP has your back. Our team has website security experts on staff, installs software firewalls on every website we work on, and has the experience to recover your website quickly and safely should it become compromised.