The main line of defence between your data and the rest of the internet is a secure and robust password. All your accounts, from email and social media to banking, rely on the same main barricade: a strong password.
Why use a STRONG password?
Having a secure password for your online accounts is the first step in securing your data. It’s also crucial to have a secure password for all your online set-ups, including VPS servers. If you have a weak password for the VPS hosting where your website sits, then your whole business is vulnerable to a cyber-attack.
With all the technologies available, a simple password that you are using might be crackable in a matter of seconds. Have a look at this link to check how fast your current password can be cracked. A good password contains a mixture of letters (both uppercase and lowercase), numbers and symbols.
In summary, a good password is what stands between you and your precious data.
What is a strong password?
A strong password has to be unique to you, something similar to your fingerprint. Let us go through the most common ways to create the perfect password for your online accounts and online systems:
1. Include letters, numbers and symbols
When creating passwords, pay attention to the details of the password. In all the passwords that you will make, include:
- Symbols (@#$%&*)
- Numbers (12345)
- Lowercase letters (abcd)
- Uppercase letters (ABCD)
If you would like to automate this process, there are free password generators on the internet. We would recommend using a password generator to create your secure password.
2. Make it long
Almost until the end of 2019, the minimum password length was eight characters. However, this is no longer the case. With all the high-powered systems in existence, cracking an eight-character password is easy compared with cracking a 16-character password.
We recommend having at least 16 characters in your passwords, or even more.
Note that in some cases you are obliged to use a password shorter than 16 characters, because the system or account you are creating has its own set of password length parameters.
3. Stay away from the obvious.
Here are the top 10 most common passwords that are being used all over the internet. It would be best if you avoided them at all costs:
Never use sequential numbers or letters in your password. Never include personal information in the password, such as your name, date of birth or ID number. If a hacker targets you specifically, they will use all the information they have on you to crack your accounts.
Focus on creating something unique.
4. Avoid common substitutions
Password crackers are on top of all the substitutions that can be made in common words. You can use the word MARSHAL or MAR5HA1 and still end up being cracked by a brute force attack. A brute force attack is when the attacker tests multiple passwords repeatedly until one works.
The best practice today is random character placement, which is more effective than the common substitutions.
5. Avoid using words as passwords.
When you are creating a password, try not to create a password with a word. Any word that you can find in a dictionary can be cracked using a dictionary attack. This type of attack is specifically made to run all the words in existence and check which one will work to access your account.
A dictionary attack can guess your password in a matter of minutes.
6. Don’t include any personal information.
When creating the password, don’t include any personal information, including:
- Names of your family members
- Names of your pets
- House numbers
- Phone numbers
- ID card numbers
- Social security numbers etc.
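Rules 3 to 6 can be turned into a check that runs before a password is accepted. The Python sketch below is an added example, not part of the original article. The wordlist, the substitution table and the function names are constructed for illustration; a real check would load a much larger wordlist.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large one.
WORDLIST = {"marshal", "password", "dragon", "welcome"}
# Common look-alike substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans("0134578@$!", "oleastbasi")
EDGE_JUNK = string.digits + string.punctuation


def normalize(password):
    """Lowercase and reverse common substitutions: 'MAR5HA1' -> 'marshal'."""
    return password.lower().translate(UNLEET)


def has_sequence(password, run=4):
    """True if `run` consecutive characters ascend by one ('1234', 'abcd')."""
    codes = [ord(c) for c in password.lower()]
    streak = 1
    for prev, cur in zip(codes, codes[1:]):
        streak = streak + 1 if cur - prev == 1 else 1
        if streak >= run:
            return True
    return False


def weaknesses(password, personal=()):
    """Return the rules from the article that a candidate password breaks."""
    found = []
    plain = normalize(password)
    # Also test the word with leading/trailing digits and symbols removed,
    # so 'Password123!' is still recognised as 'password'.
    core = normalize(password.strip(EDGE_JUNK))
    if len(password) < 16:
        found.append("shorter than 16 characters")
    if plain in WORDLIST or core in WORDLIST:
        found.append("dictionary word, even after substitutions")
    if has_sequence(password):
        found.append("sequential characters")
    if any(len(p) >= 3 and normalize(p) in plain for p in personal):
        found.append("contains personal information")
    return found


if __name__ == "__main__":
    for pw in ("MARSHAL", "MAR5HA1", "Password123!", "q7#Vx2&mT9@kLw4$"):
        print(pw, "->", weaknesses(pw) or "no rule broken")
```

MARSHAL and MAR5HA1 produce the same findings, because the substitution is undone before the lookup.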
7. Don’t use the same password over multiple accounts.
We know it’s difficult to remember complicated passwords for each different account you are using over the internet. However, don’t reuse any password or the same security question and answer over multiple accounts.
The reason is that if one account falls prey to an attacker, the other accounts are likely to follow in its wake. In this way, you will lose data not only from one account but from all the subsequent accounts as well.
Also, don’t use two or more similar passwords where most characters are the same. For example, externalHarddrivefacebook and externalHarddriveinstagram are not recommended. If one is stolen, it means both these accounts are stolen.
8. Do not use other systems to log in to sensitive accounts.
If you have to access a vital account like your bank account, try to avoid doing so from someone else’s system or while connected over public Wi-Fi, a free VPS or the Tor network.
9. Don’t send sensitive information.
Try to avoid sending sensitive information over an unencrypted internet connection. HTTP and FTP are unencrypted protocols. Always check that the connection is secured with a protocol like HTTPS, SFTP or IPsec. If not, the data can be sniffed out very quickly.
10. Store your passwords securely
With all the online accounts in existence, it’s impossible to remember all the complicated passwords (at least I can’t). Therefore, try to remember a few master passwords and store the other passwords in plain text files. You should then encrypt these files with 7-Zip, disk encryption or any disk encryption software.
This way, all your passwords are safe, and you don’t need to go through the hassle of remembering all of them. We also recommend backing up your passwords in different locations. This way, if you lose access to your laptop, you can easily retrieve the passwords.
If this is too much of a hassle, you can always opt for a password manager. You can save all your passwords inside the password manager and access them using the master password. The passwords are kept secure and encrypted.
11. Use 2FA at all times.
Whenever possible, we recommend using two-factor authentication (2FA). This is a second layer of security for all your accounts. Two-factor authentication works like this: once you enter the password, it requests another confirmation from you. There are multiple ways in which two-factor authentication can work.
It can be an email confirmation or a verification code from an authenticator application like Google Authenticator, which you submit from your phone. 2FA is not available for all accounts, but if there is a possibility to activate it, we recommend doing it.
Passwords are essential in your business (and your personal life) and a safety measure for all your accounts. Additionally, here are some final tips on good internet habits:
- Use a VPN when using public WIFI
- Never text or email your passwords
- Make sure your software is up to date
Security breaches happen all the time, and the best way to keep yourself and the people you care about safe is by sharing the information with them. Keep yourself safe and keep your close ones safe by sharing this article with them.