Tips for Creating a Strong Password
Passwords can be an inconvenience to remember, especially when you have dozens of applications and accounts to log into every day. However, with the increase in phishing and ransomware attacks, passwords can be the main line of defense when securing your data. Once an attacker knows your password, your personal data and your company’s data may be at risk. Employees are often the weakest link in any organization’s information security, so it is important to ensure that you and your employees follow these tips. These steps should be outlined in a strong, detailed password policy.
1. Use a longer password with a mix of letters, numbers, and symbols.
Making passwords more complex makes it harder for an attacker to guess them. An easy password such as NYClover can be strengthened by adding numbers and symbols. For example, the password N3wY0rkC!tyL0v3r is more secure.
2. Never use a word or phrase that is easy to guess or contains personal information.
Using personal information such as your middle name or birthday can be risky, especially when it is found on your social media. Using full words or phrases in your passwords may also make them easy to guess. See the list of the 1000 most used passwords and avoid using them.
3. DO NOT use the same password for all your accounts.
Using the same password for all your accounts can be dangerous. By doing so, an attacker may be able to access all of your accounts with just one password.
4. Never write down your passwords on paper.
5. Use Multifactor Authentication (MFA).
Using MFA can help secure your account in case your password is compromised. MFA can be a one-time code sent to your phone or email. Google allows users to set up MFA manually.
6. Change your passwords consistently.
Passwords should be changed on a regular basis, in case your current password gets compromised. Many applications require users to change passwords after 90 days or some other set interval, while others may just recommend changing your password after a certain period of time. Best practice is to change your password on a consistent basis, preferably every 90 days or less.
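
A password policy can enforce tips 1 to 3 automatically when a password is set. The following Python sketch is an added example, not part of the original article; the 12-character minimum, the small deny list, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample deny list; a real policy would load a full common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12  # assumed threshold; the article only says "longer"


def hash_password(password, salt):
    """Salted PBKDF2 digest, so reuse can be checked without storing plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, personal_info=(), stored_hashes=()):
    """Return the list of violated tips; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    alnum = re.sub(r"[^a-z0-9]", "", lowered)

    # Tip 1: length plus a mix of letters, numbers and symbols.
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")

    # Tip 2: commonly used passwords, also when padded with digits or symbols.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        problems.append("commonly used password")

    # Tip 2: personal details (names, birthdays) embedded in the password.
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in alnum:
            problems.append("contains personal information")
            break

    # Tip 3: reuse, detected by re-hashing with each other account's salt.
    for salt, digest in stored_hashes:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reused on another account")
            break
    return problems
```

With these settings, NYClover is rejected for length and missing numbers and symbols, while N3wY0rkC!tyL0v3r passes unless it is already in use on another account.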