Password Hacked? Best Practices for Strong Passwords
Summary: Learn the common mistakes made when creating new passwords, and how to protect passwords from being hacked. Wondering what a password manager is and whether you need one? Use password best practices to help protect data and financial assets from cybercriminals.
Password Safety – A Single Password Is Not Enough
Computer passwords have been around since the 1960s. Ironically, a half-century later, small and midsized businesses (SMBs) and home users still must keep up with evolving password security rules. Even tech-savvy users can improve password management to avoid having a password hacked. Here are some of the most common password mistakes:
- Using the Same Password Across Multiple Platforms – Using the same password repeatedly across websites and apps makes it easy to remember. However, such a practice makes it easier for hackers to breach your private data. If a cybercriminal gains access to that frequently used password, they will have an “All-Access Pass” to every platform for which you have assigned that password, including banking, social media, email and credit card accounts.
- Saving Passwords to a Device – Letting your browser or phone remember and save a password can have disastrous consequences if a cybercriminal hacks your device. They will have access to all your accounts (banking, email, shopping, business accounts) and can then change your passwords. Recovering from this sort of attack can take months or years.
- Recycling Old Passwords and Changing Them Too Often – Recycling passwords is not a great idea because if a password you used years ago was compromised or was too simple from the start, it will be more likely to be discovered by hackers. Hackers buy lists of passwords on the dark web, many of which are several years old. Studies show that users who recycle and change passwords too often are more likely to reuse the same half dozen passwords repeatedly, which makes the job easier for cyber thieves armed with password-guessing software tools.
- Using Family Names and Private Data – Family names, pet names, birthdays and anniversaries used for passwords are no longer a safe choice. Hackers have sophisticated software to help them glean many of those data points online, making it easier for them to guess those passwords. Public information and social media help supply missing information for cybercriminals.
- Storing an Unsecured List of Passwords on Your Devices – Storing a digital list of passwords on your computers or mobile devices is not much different than leaving a sign inside the front door of your home, directing criminals to where all the money and jewelry are stored and where to find the keys to locked cabinets.
- Omitting Password Protection from Mobile Devices – An astounding 52% of users have not enabled password locking for their mobile devices. Also, many users with password protection on their devices use easy ones such as “123456” or “222222”, or a geometric pattern using the keypad. As mobile devices connect to your business network and are potentially vulnerable access points, they must be protected by the same cyber security protocols as company computers. Mobile devices are a significant part of the cyberattack target landscape.
What is a Password Manager? How To Remember Passwords the Secure Way
Some users keep a spreadsheet of passwords on their computer (please do not do this!). Others keep a handwritten hard copy of passwords in their office or sticky notes all over their desk. These ways of remembering passwords come with significant risks and are not helpful when traveling or facing weather and building disasters. The safest plan is to use a password manager (also called a password locker) to manage and store all passwords securely across devices. Password managers take a little getting used to initially but quickly become routine. They provide a very high level of security. SMBs are encouraged to make password manager use mandatory for all employees.
Password Managers to the Rescue
Password safety has become a top priority in data protection, and password managers are excellent tools for creating and securely storing passwords. The benefits of password managers are:
- Creation of a “Master” Password – Remember one strong password to protect all other stored passwords. It also helps you remember and manage all the digital accounts you have.
- Generation of Random Unique Passwords – High-quality password managers generate complex and robust random passwords of whatever length you choose, unrelated to your personal information. They will help you avoid re-using passwords across multiple accounts. Long, random passwords are safer but harder to keep track of, so a password manager is an excellent way to remember them.
- Easier Access to Accounts – Once installed on your computer or phone, safely logging into accounts is easier and more secure. You sign into the password manager using multi-factor authentication and then have access to all your passwords for the rest of the session.
- Easy Editing of Passwords – Passwords may be edited at any time. The password manager will store each new password and remember it for you.
- Secure Storage of Passwords – Passwords are stored in one highly secure place. Users can access their passwords from multiple devices or share them with a family member or estate attorney. If someone tries to access your master password account, you are alerted when a request is made for the MFA code. This is the best way to remember a password, especially a seldom-used one.
- Security Alerts – When one of your passwords becomes part of a known data breach, you will receive an alert and be prompted to change it.
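The common mistakes listed earlier (reuse across platforms, trivially simple values such as “123456” or “222222”, and family or private data) and the random generation described above can be checked and applied in a few lines. This is an added example, not code from any password manager; the site names, passwords, personal facts and the function names audit, is_trivial and generate are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample entries (site, password); none are real credentials.
SAMPLE_VAULT = [
    ("bank.example", "Rex2015!"), ("mail.example", "Rex2015!"),
    ("shop.example", "222222"), ("phone-pin", "123456"),
    ("work.example", "kT9#vQ2m$Lx8@pWz4&Rb"),
]
# Constructed facts findable online: a pet name and a birth year.
SAMPLE_PERSONAL = ["rex", "2015"]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def is_trivial(pw):
    """True for one repeated character or a straight run such as 123456."""
    if len(set(pw)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def audit(vault, personal):
    """Return {site: sorted findings} for the mistakes the article lists."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault:
        sites_by_pw[pw].append(site)
    findings = {}
    for site, pw in vault:
        issues = set()
        if len(sites_by_pw[pw]) > 1:
            issues.add("reused")          # same password on several platforms
        if is_trivial(pw):
            issues.add("trivial")         # e.g. 123456 or 222222
        if any(p.lower() in pw.lower() for p in personal):
            issues.add("personal-data")   # family names, pet names, birthdays
        if issues:
            findings[site] = sorted(issues)
    return findings

def generate(length=20):
    """Random password drawn from the OS CSPRNG, unrelated to personal data."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{site}: {', '.join(issues)} -> replace with {generate()}")
```

The generator uses Python's secrets module rather than random, because the latter is not designed for security-sensitive values.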
Password Safety as Part of the Bigger Picture
There are many “moving parts” related to cyber security. Passwords are the first line of defense in protecting your hard-earned business data (and client/patient/employee data) from a breach. However, password safety, and avoiding having a password hacked, is only one part of network defense. Network security is most effective when applied in strategic layers and reviewed at regular intervals.
Cybercriminals change their industry focus and tactics for harvesting valuable business data or stealing funds directly from user accounts. Proactively protect your computers and devices to reduce the risk of an attack and limit the scope of an attack when one happens. Having a trusted professional familiar with your network assets will help speed recovery and help your business return to productivity faster.
Cyber attacks are costly and time-consuming events. They can wipe out years of effort and profits and consume your focus for months. There is no single, utterly failsafe protection method, and attack methods change, so updated security and employee training are essential. Take steps to reduce risk and include cybersecurity in your annual IT budget.