Using weak passwords or the same password can have serious consequences if your data is compromised – even if that password is strong. For example,that uncovered personal information such as login credentials and home addresses that someone could use to cheat you or steal your identity. And since 2017, hackers have published 555 million stolen passwords on the dark web that criminals can use to hack into your accounts.
Password protection may not completely prevent your data from being exposed, but these best practices can minimize your risk as it is. Here you can read how to create and manage the best passwords, how to find out if they are stolen and an essential tip to make your accounts even more secure.
Use a password manager to keep track of your passwords
Strong passwords are longer than eight characters, are difficult to guess, and contain a variety of characters, numbers, and special symbols. The best can be hard to remember, especially if you use a separate login for each site (which is recommended). Password administrators come in here.
A trusted password manager such as 1Password or LastPass can create and store strong, long passwords for you. They work on your desktop and telephone.
The small reservation is that you still have to remember a single master password that unlocks all your other passwords. So make it as strong as it can be (and see below for more specific tips on that).
Browsers such asand also come with password managers, but our sister site TechRepublic is concerned about how browsers use passwords secure that they save and recommends a special app instead.
Password administrators with their single master passwords are, of course, obvious goals for hackers. And password managers are not perfect.that could have uncovered a customer's login details. To his credit, the company was transparent about the possible exploit and the steps it would take in the event of a hack.
Yes, you can write down your login details. Really
We know: this recommendation goes against everything we have been told about protecting ourselves online. But password administrators are not for everyone, and some leading security experts, such as the Electronic Frontier Foundation, suggest that storing your login data on a physical sheet of paper or in a notebook is a useful way to track your login data.
And we are talking about real, old-fashioned paper, not an electronic document such as a Word file or a Google spreadsheet, because if someone gains access to your computer or online accounts, they can also access that electronic password file .
Of course, someone can also break into your house and walk away all your life with the access codes, but that seems less likely. At work or at home, we recommend that you keep this sheet of paper in a safe place – such as a locked desk drawer or cupboard – and out of sight. Limit the number of people who know where your passwords are, especially for your financial sites.
If you travel frequently, physically taking your passwords with you entails a greater risk if you misplace your notebook.
See if your passwords are stolen
You cannot always prevent your passwords from leaking, either through a data breach or malicious hack. But you can check at any time whether your accounts may have been compromised.
Mozilla & # 39; s Firefox Monitor and Google & # 39; s password check can show you which of your email addresses and passwords have been compromised in a data breach so that you can take action. Have I Been Pwned can also show you if your e-mails and passwords are exposed. If you discover that you have been hacked, consult our guide on how to protect yourself .
Avoid common words and character combinations in your password
The goal is to create a password that someone else will not know or cannot easily guess. Stay away from common words such as "password", phrases such as "my password" and predictable strings such as "qwerty" or "thequickbrownfox."
Also avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name or anything that has something to do with you that someone could find out through social media, or from a genuine conversation with a stranger in an airplane or at the bar.
Longer passwords are better: 8 characters is a starting point
8 characters are a great place to start when creating a strong password, but longer logins are better. The Electronic Frontier Foundation and security expert Brian Curbs advise, among other things, a password sentence of three or four random words for extra security. However, a longer password sentence that consists of unconnected words can be difficult to remember. You should therefore consider using a password manager.
Do not recycle your passwords
It is worth repeating that reusing passwords for different accounts is a terrible business idea. If someone discovers your reused password for one account, it has the key to any other account for which you use that password.
The same applies to changing a root password that changes by adding a prefix or suffix. For example PasswordOne, PasswordTwo (both of these are bad for several reasons).
By choosing a unique password for each account, hackers who hack into one account cannot use it to access the rest.
Avoid using passwords that are known to be stolen
Hackers can effortlessly use previously stolen or otherwise exposed passwords in automated login attempts that are called log-in details to break into an account. If you want to check if a password you are considering has already been exposed in a hack, go to Have I Been Pwned and enter the password.
It is not necessary to reset your password regularly
passwords every 60 or 90 days was a long accepted practice, because the thinking went, that was how long it took to crack a password.
But Microsoft now recommends that you do not need to change it periodically unless you suspect that your passwords have been exposed. The reason? Many of us, by being forced to change their passwords every few months, would have bad habits to create easily remembered passwords or to write on sticky notes and put on our monitors.
Use two-factor authentication (2FA) … but try to avoid SMS codes
If thieves steal your password, you can still prevent them from accessing your account with two-factor authentication (also called two-step verification or 2FA), a security that requires you to enter a second piece of information that only you have (usually a one-time code) before the app or service logs you in.
In this way, even if a hacker discovers your passwords, without your trusted device (such as your phone) and the verification code that confirms that it is you, you cannot access your account.
common and convenient to receive these codes in a text message to your cell phone or in a call to your landline, it is simple enough for a hacker to steal your phone number viaand then your verification code to intercept.
A much safer way to receive verification codes is to generate and retrieve them yourself using an authentication app such asor . And once you've set up, you can choose to register your device or browser, so you don't have to re-verify it every time you sign up.
Working proactively is your best protection when it comes to password protection. That includes. And if you discover that your data has been exposed, we will guide you through what to do if .