Securing your passwords is the first (and perhaps, the most crucial) step to securing your most sensitive information. A good password can mean the difference between a compromised account and a secure one. Even seemingly good passwords might not be as good as you think, especially if you have poor password management habits.
We often neglect our passwords, but with password breaches on the rise, securing login credentials is more important than ever. Cybercriminals are persistent and good at what they do, and it’s up to us as businesses and individuals to create a more secure internet by taking our own security measures more seriously.
Here are six things to watch for with your passwords to ensure you’re not putting your most sensitive data at risk.
First and foremost, you need to look at all of your passwords and check to see how old they are. When did you create that account? Have you ever changed its password? Is it over a year old? Two years? Five? The older your password is, the more likely it is that it’s been breached, and it could even be on a list of compromised passwords floating around on the dark web.
Old passwords are more likely to have been hacked, or to have been the target of a hacking attempt. It’s important to change your passwords at least twice per year, but if you can, change each password every 90 days or so. This will keep your passwords cycling away from similar patterns, but only if you’re practicing good password creation habits. We’ll cover that in number six on this list. Read on!
So, how many accounts do you use the same password for? Don’t be shy—a startling number of people (around two-thirds, in fact) recycle their passwords across multiple accounts. This might seem like a great idea, right? You’ll remember the passwords for all of your accounts, you won’t have to store them anywhere, and you won’t have to put in something different for every account and take up more time. Unfortunately, your convenience is the hacker’s doorway into your bank accounts, social media, and more.
Recycled passwords are like candy to a hacker. All he has to do is acquire one account’s password, and he has access to all of your other info. Your Facebook account got hacked, but you used the same password for your banking app. Whoops! Now you’re out $2,000, and the hacker has opened a credit card in your name. It can happen that quickly, and that easily.
Let’s say you’re not recycling passwords. That means you’re using unique passwords for every account, which is great—unless you’re storing those passwords in a Google Doc or Microsoft Word document. Maybe you’ve got them stored on a sticky note somewhere in the heap of paperwork on your desk? Either way, you’re equally at risk.
You don’t want to store your passwords just anywhere, and a little bit of maintenance and management can increase your security tenfold. That’s where tools like a free online password manager come in handy. You’ll be able to store, manage, and generate new, secure passwords directly within the app/software. So, put the sticky notes away, delete that Google Doc, and start storing your passwords properly.
If you’re already at the point where you’re being notified about failed login attempts or logins you didn’t make, a hacker already has your information. What do you do? First and foremost, you notify the website that your password has been hacked. It’s best not to log in or try to recover anything until you’ve spoken with the security team about your account.
You’ll likely just need to reset your password and boot the hacker out, but by the time you get there, he may have already acquired the information he was looking for.
If you suddenly start receiving odd emails out of nowhere, one of your accounts might be compromised already. Don’t open strange or suspicious emails, as they could be a phishing attempt or even a virus. Check each of your accounts, change the password(s), and see if the emails stop coming.
Most email accounts will have a spam folder where you can store such emails for deletion. If you continue receiving them, you may need to contact your email provider or delete accounts altogether.
Creating secure passwords isn’t rocket science, and there’s a simple formula that anyone can follow to increase their passwords’ security tenfold.
Always use upper and lowercase letters.
Use numbers and symbols, too.
Don’t use familiar phrases, common words, or any numbers/words that relate to your identity (yes, that means birthdays).
Always scramble letters, numbers, and symbols into a random order.
If you follow this simple formula, your password creation skills will improve. You can also use a password manager to help you automatically generate secure passwords for any website if you’re not great at making them yourself.
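The formula above can be automated. The Python sketch below is an added example, not code from the original article or from any particular password manager: it generates a password that contains all four character classes in random order and checks an existing password against the same rules. The function names, the small common-word list and the `personal_terms` input are assumptions made for illustration.

```python
import secrets
import string

# The four character classes the formula calls for.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Constructed sample; a real check would use a much larger word list.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "123456")

def generate_password(length=16):
    """Build a random password containing every class, in random order."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    # One guaranteed pick per class, then fill from the combined alphabet.
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed picks are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def check_password(password, personal_terms=()):
    """Return the formula rules a password breaks; an empty list passes."""
    problems = [f"missing {name}" for name, alphabet in CLASSES.items()
                if not any(ch in alphabet for ch in password)]
    lowered = password.lower()
    problems += [f"common word: {w}" for w in COMMON_WORDS if w in lowered]
    # personal_terms: caller-supplied names, birthdays, etc. (hypothetical input)
    problems += [f"personal term: {t}" for t in personal_terms
                 if t and t.lower() in lowered]
    return problems

if __name__ == "__main__":
    print(generate_password())
    print(check_password("Welcome1990!", personal_terms=("1990",)))
```

The checker cannot tell whether characters were placed in random order, so that rule is enforced only on the generator side.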