Top 3 Tips for Better Password Security

Cybercrime is more than a mere inconvenience for consumers who lose sensitive information to hackers and companies that have to deal with the fallout of an embarrassing and costly data breach. According to the U.S. Department of Justice, cybercrime is an enormous and growing threat that puts economic prosperity, public safety and national security at risk.

Thanks to massive, headline-making data breaches that compromised hundreds of millions of passwords and username combinations, nearly half of adults in the U.S. have now had their personal information exposed to hackers. Today, consumers are more likely to experience a hacked email account than a home burglary.

Weak passwords are frequently the hackers’ entryway into an unwary consumer or company’s system. But despite the rising danger of data breaches, too many people still use easy-to-crack passwords and poor password management practices. Here are three tips to strengthen password security at home and on the job:

1. Always use strong passwords. The two most popular passwords used in 2015 were “123456” and “password” — a practice that is inexcusable given the risks. It’s also a terrible idea to use one’s name, occupation, birthday, children or pets’ names, etc., as a password since this information is easy for anyone to access online. Random words are also risky since some hackers use “dictionary attacks” — running a program to try every word or phrase until they hit upon the right one. Instead, use a combination of upper and lowercase letters, numbers and symbols (such as: @#$%&*), which makes the password exponentially harder to crack.

2. Use a unique password for every site. Another extremely poor password management strategy that is still widely used is the practice of using one password for multiple sites. It’s understandable that consumers would seek to minimize the number of total passwords they use when visiting their favorite sites — remembering multiple, complex passwords is a challenge. But it’s a bad idea because if a hacker manages to compromise the password and username combination on one site, the user’s information will be exposed across multiple sites. That’s why it’s so important to create a unique password for each registered site.

3. Change passwords every 30-60 days. Using the same password for months or even years at a stretch is another common practice that puts consumer and company data at risk. Even users who select unique passwords for every site are at risk if they don’t change the password frequently, and they may not even realize they are in danger until their hacked password is sold and used weeks or months after the initial breach, which often goes undetected. The more frequently the password is changed, the less likely hackers are to profit from its resale.

Unfortunately, some users don’t bother to use strong passwords because they are still waiting for a password-free future that may never come. The use of biometrics is popular on some devices, but even then, users will have to create passwords to access most sites, and biometrics can pose their own problems — most significantly a lack of flexibility and vulnerability to hacking by other means, i.e., high resolution photos.   

Passwords are here to stay for the foreseeable future, and they form the first line of defense against hackers, so it makes sense to improve password practices. A good password management system can automate the password creation process and eliminate the need to remember multiple passwords; the user just has to remember a single master password. But whether users sign up with a secure password manager or resolve to implement better practices on their own, the fact remains that the risks are growing and the stakes are high. These three tips can help users stay safer in an increasingly dangerous online environment.   

About the Author

Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the top-rated RoboForm Password Manager solution. Find out more about RoboForm at http://www.roboform.com