Updated: Apr 29, 2022
Why is password security so important?
If you’re anything like most people, you have more passwords than you know what to do with. If you have an email, a stack of social media accounts, logins to online shopping sites, your router, work apps, or online banking, you’re well on your way to having more online accounts than you can possibly remember passwords for.
According to a 2020 study by NordPass, the average user has around 100 passwords! "Many online services have seen a spike in usage during lockdowns," says Chad Hammond, security expert at NordPass. "As people spent more time indoors, they looked for more digital entertainment, shopped online, and used other online resources. It comes as no surprise that the number of passwords has grown," he says.
It’s safe to say that passwords are a growing concern. Remembering them all can seem like a Herculean task, but as passwords are often the only thing standing between your private information and the prying eyes of others, they’re undoubtedly important. And if you reuse the same password across accounts, a breach of just one of them puts the rest at risk: attackers routinely take leaked username and password pairs and try them against other sites, a technique known as credential stuffing.
NordPass list of the most common passwords and how quickly they can be hacked.
Password security guidelines
When it comes to beefing up your password security, there are some simple, yet important guidelines you should follow:
Use a passphrase made of three random words
Use a unique passphrase for each online account
Use 2FA (two-factor authentication) wherever possible
Use a password manager
You can test how long a password would take to crack with a tool such as https://howsecureismypassword.net/. Never type a password you actually use into any third-party site, though; test one built the same way instead.
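The guidelines above say what to do but not why three random words are a reasonable choice. The following Python script is an added example, not part of the GoldPhish article: it generates a passphrase and a manager-style random password with a cryptographically secure generator and works out the guess space of each. The small wordlist, the 7,776-word list size and the two attacker rates (100 guesses per second against a rate-limited login, ten billion per second against a leaked fast hash) are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed stand-in for a real diceware wordlist; a real generator would
# load one such as the EFF large list, which has 7,776 (6^5) words.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orbit", "pepper",
]
EFF_LARGE_LIST_SIZE = 7776  # assumed size of the list a real tool would ship with
SYMBOL_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def random_passphrase(words, count=3, sep="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length=16, alphabet=SYMBOL_ALPHABET):
    """Random character password of the kind a password manager generates."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options.
    This only holds for secrets chosen by a random generator; human-chosen
    passwords have a far smaller guess space than their length suggests."""
    return picks * math.log2(pool_size)


def worst_case_years(bits, guesses_per_second):
    """Time to try every possibility at the given rate (expected time is half this)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("passphrase:", random_passphrase(SAMPLE_WORDS))
    print("manager password:", random_password())
    for label, bits in [
        ("3 words from the EFF list", entropy_bits(EFF_LARGE_LIST_SIZE, 3)),
        ("4 words from the EFF list", entropy_bits(EFF_LARGE_LIST_SIZE, 4)),
        ("16 random characters", entropy_bits(len(SYMBOL_ALPHABET), 16)),
    ]:
        # Two assumed attacker rates: online guessing against a rate-limited
        # login (100/s) and offline cracking of a leaked fast hash (1e10/s).
        print(f"{label}: {bits:.1f} bits; online {worst_case_years(bits, 1e2):.0f} years,"
              f" offline {worst_case_years(bits, 1e10):.6f} years")
```

The numbers show the caveat behind the three-words advice: about 39 bits keeps an online attacker busy for over a century, but falls in under a minute to offline cracking of a leaked, unsalted fast hash, which is why a fourth word (about 52 bits) and a service that hashes passwords slowly both matter. The entropy figure applies only to words chosen by the generator; words you pick yourself are far more guessable.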
What is Two-factor authentication?
When looking at strengthening your password security, 2FA can be an excellent tool, and more organisations now require it for all their accounts. But what is it, and how do you use it effectively?
Two-factor (or multi-factor) authentication, much like its name suggests, is when two separate hurdles must be cleared in order to access an account. For example, a site may ask for your mobile phone number when you create an account so that it can text you a one-time code at login; that code and your password are the two factors required to gain access. The factors are usually drawn from different categories: something you know (a password or PIN), something you have (a phone, a hardware token or a bank card), or something you are (a fingerprint or face).
An example of two-factor authentication that almost everyone is familiar with is used when we’re attempting to access a bank account via ATM. There are two requirements for access: your bank card (something you have), and your PIN (something you know). Having only one of these will not allow access, and by requiring both, it makes it much more difficult for thieves to access your account.
Two-factor authentication reduces risk, but unfortunately it doesn’t eliminate it. Codes sent by text message can be intercepted or redirected, for example by an attacker who persuades the mobile operator to move your number to their SIM, and a phishing page that relays your password and code to the real site in real time still gets in. Where a site offers it, an authenticator app is a better choice than SMS, and a hardware security key resists phishing outright because it only responds to the genuine site. Even so, any second factor is a worthwhile improvement over a password alone.
There are directories online that list which websites support 2FA. Always check whether the sites that hold your sensitive information offer two-factor authentication, and turn it on when they do.
What about password managers?
When talking about password security, it would be remiss not to mention password managers — or, as they’re otherwise known, password keepers or password safes.
Many operating systems and browsers now come with built-in password managers, and there are also cloud-based options or local programs available to download. The way they work is quite simple: you create a “master password”, and all your other passwords are kept in an encrypted store (the vault) that only that password unlocks. When creating a new account, you generate a random string of numbers, letters and symbols that you never have to memorise, as long as you remember your master password. This lets you use a unique, high-strength password for every online account.
There are a few important things to bear in mind when considering a password manager, however. The master password must be something you won’t forget, or you lose access to all your other passwords. It must also be strong, since a weak password protecting all the others defeats the purpose: a long passphrase of random words that you use nowhere else is a good choice, and if the manager supports 2FA, turn it on for the manager itself.
Some well-known examples of password managers include 1Password, LastPass and Dashlane, which store the encrypted vault in the cloud. RoboForm, Password Safe and KeePass are examples of local programs. Some people have concerns about storing password information in the cloud, which is worth weighing up. Reputable cloud managers encrypt the vault on your device with a key derived from your master password, so the provider only ever holds ciphertext, but that also makes the master password the single point of failure.
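To make concrete why the master password carries so much weight, the following Python sketch is an added example, not material from the GoldPhish article or code from any real product. It shows the core of how a vault is protected: the master password is stretched into an encryption key with a memory-hard KDF (scrypt, from the standard library) on the user's device, only a salt and a verifier tag are stored alongside the encrypted vault, and an attacker who steals the vault is reduced to guessing at the speed of the KDF. The work factor, the fixed salt and the list of common guesses are constructed for the illustration, and the encryption of the vault contents under the derived key is left out.

```python
import hashlib
import hmac
import secrets

# scrypt work factor, kept low so the example runs quickly; real vaults use
# higher settings so every guess costs more memory and time. (Assumption.)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
EXAMPLE_SALT = b"constructed-fixed-salt"  # a real vault stores a random salt per vault
COMMON_GUESSES = ["123456", "password", "qwerty", "letmein", "Password1", "iloveyou"]  # constructed


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into the 32-byte key that encrypts the vault.
    This runs on the user's device, so a cloud provider only ever holds
    ciphertext plus the salt, never the key or the master password."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Tag stored with the vault so a wrong master password is detected
    without storing anything from which the key could be recovered."""
    return hmac.new(key, b"vault-verifier", hashlib.sha256).digest()


def unlock(master_password: str, salt: bytes, verifier: bytes):
    """Return the vault key if the master password is right, otherwise None."""
    key = derive_vault_key(master_password, salt)
    if hmac.compare_digest(make_verifier(key), verifier):
        return key
    return None


def offline_guess(salt: bytes, verifier: bytes, candidates):
    """What an attacker holding a stolen vault can do: try candidates at the
    speed of the KDF. The slow KDF only helps if the master password is not
    on the attacker's list in the first place."""
    for guess in candidates:
        if unlock(guess, salt, verifier) is not None:
            return guess
    return None


def new_vault(master_password: str):
    """Set up a vault: a fresh random salt plus the verifier for the derived key."""
    salt = secrets.token_bytes(16)
    return salt, make_verifier(derive_vault_key(master_password, salt))


if __name__ == "__main__":
    for pw in ["letmein", "ember-falcon-meadow-kettle"]:
        salt, verifier = new_vault(pw)
        found = offline_guess(salt, verifier, COMMON_GUESSES)
        print(f"{pw!r}: {'cracked as ' + repr(found) if found else 'not on the list'}")
```

The run makes the point in the text: the slow KDF buys time per guess, but a master password drawn from a short list of common choices is recovered in a handful of guesses regardless, whereas a passphrase off that list forces the attacker to enumerate the whole passphrase space at KDF speed.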
When considering a password manager, always check reviews and the company’s background and track record before committing. But if you do your due diligence, password managers can be another form of protection against lax password security.
Having robust password security is just as important as guarding the combination to a safe. Don’t leave yourself defenseless. Here at GoldPhish, we believe that online security should be accessible and easy for everyone, and we provide awareness training and solutions that adapt as the threats change.
GoldPhish empowers cyber heroes with world-class security awareness training and simulated phishing.
It's Cyber Made Simple.