Enhance Your Password Practices for Security
November 29, 2022
Passwords, including PINs and passphrases, are used daily for online banking, email, and other platforms where personal information is stored, including smartphones and other electronic devices. Despite frustrations with passwords, they remain a widely used “first line of defense” against unauthorized access to information or physical property. Unauthorized access to personal information can lead to many consequences, including identity theft and fraud.
Common Password Mistakes
Despite the potential negative consequences of unauthorized access, people may take shortcuts by choosing easily guessed passwords. However, it is essential to remember that the stronger the password, the less likely it is that a hacker can access sensitive information.
Common password mistakes include:
- Using personal information because it is easy to remember
- Using the same password you have used for another login
- Using similar passwords that only vary by one character
- Using a short password
- Storing passwords in places that are not secure
- Never changing passwords
To avoid some of these common password mistakes, it is suggested that users:
- Use the longest passwords or phrases allowed within a password system, with a minimum length of 12 characters, combining upper- and lower-case letters, numbers, and symbols
- Use words that are not found in a dictionary of any language
- Do not use common phrases or song lyrics
- Use mnemonics for remembering complex passwords
- Use a password manager program to store and keep track of passwords
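The mistakes and suggestions listed above can be checked mechanically before a password is accepted. The following Python example is added here and is not part of the original article; the names check_password, within_one_edit and COMMON_PASSWORDS are assumptions, the common-password list is a small constructed sample, and the earlier passwords are assumed to come from the user's own password manager.

```python
import string

MIN_LENGTH = 12  # minimum length suggested in the article
# Constructed sample; a real check would load a large list of commonly chosen passwords.
COMMON_PASSWORDS = {"password", "letmein", "iloveyou", "qwertyuiopas", "123456789012"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def within_one_edit(a, b):
    """True if a and b are equal or differ by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # at most one substituted character
    return a[i:] == b[i + 1:]  # exactly one extra character in b


def check_password(candidate, previous=(), personal=()):
    """Return the list of mistakes found in candidate (an empty list means none found).

    previous: earlier passwords, assumed to come from the user's own password manager.
    personal: strings such as names or birth years that must not appear in the password.
    """
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(ch in cls for ch in candidate) for cls in CLASSES):
        problems.append("missing character class")
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly chosen password")
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    if candidate in previous:
        problems.append("reused password")
    elif any(within_one_edit(candidate, old) for old in previous):
        problems.append("varies from an earlier password by one character")
    return problems


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    print(check_password("Summer2022!", previous=["Summer2021!"]))
    print(check_password("Tr4il-mix&Copper-Kettle"))
```
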
Basic Security Practices
The National Institute of Standards and Technology (NIST) has determined that length is the primary factor in characterizing password strength. Today’s hacking techniques and technology make short passwords susceptible to brute force attacks and dictionary attacks that use words and commonly chosen passwords. A brute force attack is when a person or, more likely, a program tries to breach a system by using a trial-and-error method of attempting multiple combinations of numeric/alphanumeric passwords.
While password length is the primary factor in determining password strength, it is still important to make passwords complex by using an assortment of letter, number, and character combinations. In addition to using best password practices, individuals should remember security basics.
Security basics include:
- Keeping software up to date
- Utilizing antivirus and firewall protection (sold by many retailers of audio and telephonic products)
- Doing regular virus scans (good virus protection is available from legitimate dealers upon device or system purchase)
- Being cautious of attachments and untrusted links in emails, and
- Watching for suspicious activity on accounts
Sensitive information should never be shared via email; it should instead be shared through secure software designed to share information safely using encryption. Without strong passwords and security basics, individuals become more susceptible to data breaches that could lead to identity theft and financial loss.
What to Do About a Breach
Upon discovery that an unauthorized attacker has accessed an account, it is advised that the password be changed immediately. When an email password is compromised, the individual should check all accounts directly or indirectly related to the email. A breached email account may allow a fraudster to impersonate the user to communicate with financial institutions or other businesses and answer security questions. When an email or online banking account is compromised, the user should contact their financial institution immediately to help remediate any attempted or actual fraud.
While tracking more complex passwords may be frustrating, these safeguards are the first line of defense against the unauthorized use of information or physical property. When creating and using passwords, it is always best to avoid common password mistakes and utilize best password practices.
In summary, the longest password length possible in a system should always be applied as it is the primary factor for password strength. In addition to making strong passwords, practicing security basics is essential. It may not be possible to eliminate the threat of a breach, but creating strong passwords, keeping them protected, and practicing security basics are the best defense against falling victim to identity theft, fraud, and other negative consequences.