Longer or shorter passwords? Special symbols? We’re here to answer your questions about passwords.
Passwords were once the way to access computer systems securely. Fast forward to the sheer number of sites and services that we log into daily and there are many challenges presented from keeping our credentials secure to increasing the complexity of passwords. While most of us know not to use the same password for all of our personal and professional credentials, long and unfriendly passwords are becoming unmanageable.
NIST guidelines regarding password security practices have been changed from NIST in NIST 800-63. The new guidance from NIST is that the notion of difficulty to type (mix of words, numbers and symbols randomly) lead to poor password behavior by users. Here are 7 tips for a better password security:
- Avoid Using Password on Public Computers
Avoid using your password from public computers. These machines may be infected or be connected an unsecured network. Authenticating to confidential systems should only be done from trusted machines.
- Password Reuse
Your passwords may be compromised through the compromise of a site/service that you are using. If that password is the same as other critical services you use, that could lead to even more trouble! How do you maintain different password for every site you use? One method is to add a variation to your passwords for each unique site such as adding something unique to a strong base password based on the domain. Another method is to use password manager software but you must consider the risks of putting all the passwords in one place! If you choose a password manager, it will be necessary to set a very secure master password and enable multi-factor authentication.
- Don’t Share Your Password
You should not share your password with anyone. This includes your IT Team and your co-workers. Not sharing passwords also means not keeping them in writing on your notes section of your personal device, under the keyboard of your device or on your device which are all much too common.
- Change Your Password IF Compromised
This is related to Tip #2 on Password Reuse. Check to see if your credentials have been compromised. How? One way to check is at haveibeenpwned.com./ The results may be scary but changing any passwords that you were using for the sites listed will help including anywhere that password was reused.
- Longer Passwords are Better
One way to have longer passwords that are not too difficult to remember is to use pass phrases. There is a lot of guidance on how to make a secure passphrase. Some suggest using unrelated words or mixing characters together. Using easy to remember phrases with some numbers or special characters can help to improve the process.
- Phishing Awareness
Be cautious of links in email messages, even for sites that you use. A well-crafted phishing email can look very authentic to try and trick you to enter your valid credentials to steal them! There are tips to help spot phishing emails that you can find in a future blog. A very safe way is to bypass the email’s link and go directly to the site in your browser.
- Not Really a Password Tip but Multi-Factor Authentication (MFA)
One of the best ways to protect passwords is MFA. Don’t let the loss of a password by itself compromise your logins. MFA is the addition of a factor; something you have or something you are. Examples are software tokens, applications, fingerprint, or facial recognition to name a few. Anywhere you can, and especially for critical services, if the site supports multi-factor authentication, enable it! Your options will be dependent on what the site supports, but this can exponentially increase the security of your authentication credentials.
At work and in our personal lives, the number of credentials that we are managing is continuing the grow. Attackers are constantly seeking access to our data and resources hidden behind these credentials. Using these tips can help secure your accounts.
The team at CastleLock has decades of experience across government, finance, health, manufacturing, telecom, and other industries in establishing effective security controls to fit your organization. Let CastleLock help – firstname.lastname@example.org.