Whether you use a PIN to withdraw cash from an ATM or a password to log in to your work computer, choosing a unique password can be a source of relentless frustration. Add varying length and complexity requirements, and picking a password can often lead to a jumbled head and the administrative nightmare of tracking and remembering which password to use and when to use it.

The benefits of password protection are undeniable and extremely important for a secure digital experience in the information age. Attackers are a round-the-clock threat to your personal data, and in an enterprise environment they often leverage your information to launch an even larger attack on your company's network. By incorporating these password tips, you'll balance security and convenience while protecting yourself and your organization.

1. AVOID EASY TO REMEMBER PASSWORDS

One of the biggest mistakes people make when creating a password is choosing simple, easy to remember passwords. The problem with this approach is that such passwords are easy for attackers to crack. Today's practice of oversharing on social media hands attackers the significant names, birthdates, and numbers in our lives, which is a huge boon when they start guessing passwords.

Unfortunately, people don’t exercise much creativity when choosing their passwords and tend to pick words that are obvious, immediate, and easy to guess. One common attack, known as a “dictionary attack,” attempts to access password-protected accounts by using a list of words or phrases commonly used by businesses and individuals.

Tech Tip: If you’re eager to establish simplicity in your password routine and really want to include an important milestone such as a significant date or the name of your pet/child, do so by intentionally misspelling the word(s) or using numbers and symbols to replace the letters. Doing so will strengthen your password tremendously.
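The dictionary attack described above is why many services screen a new password against a wordlist when it is set. The following is an added example, not part of the original article: a minimal screening check that also catches simple variants of list words (case changes, common symbol swaps, appended digits). The function names, the substitution mapping and the six-word sample list are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large list of
# common and previously breached passwords instead.
BLOCKLIST = {"password", "letmein", "dragon", "sunshine", "qwerty", "welcome"}

# Common symbol-for-letter swaps, undone before the lookup (assumed mapping).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)


def candidate_forms(password):
    """Return the normalized forms of a password to compare with the list."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols ("Dragon2024!" -> "dragon")
    # before undoing swaps, so an appended year is not read as letters.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {
        lowered,
        stripped,
        lowered.translate(SUBSTITUTIONS),
        stripped.translate(SUBSTITUTIONS),
    }


def screen_password(password, blocklist=BLOCKLIST):
    """Return the blocklist entry the password reduces to, or None."""
    for form in sorted(candidate_forms(password)):
        if form in blocklist:
            return form
    return None


if __name__ == "__main__":
    # Constructed candidates: four simple variants of list words, two that pass.
    for pw in ["p@ssw0rd", "Dragon2024!", "l3tm31n", "W3lc0me!",
               "vT9#qLm2xR", "correct horse battery staple"]:
        hit = screen_password(pw)
        print(f"{pw!r}: {'reject, variant of ' + hit if hit else 'not on the list'}")
```

A password that passes this check is only known to be absent from the list; the check says nothing else about its strength.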

2. DEVELOP YOUR OWN PASSWORD SYSTEM

After you've finally come up with a unique password, it can be really tempting to use it across all accounts: work, personal, email, and social. The problem with this approach is that it gives attackers the keys to your online kingdom if your password on just one of your many accounts becomes compromised. Rather than reusing the same password across every platform, develop a system that is unique to each account, but memorable only to you.

Let’s walk through generating a simple but effective password process that illustrates this suggestion:

Choose a root password, like “y3lL0w$toN3.” On its own, its length and complexity make it a relatively secure password. However, to make it truly unique to other applications and accounts you may access, you’ll want to add something specific to the password about the service you’re accessing. For example, if used to log in to your workstation, maybe you add “Mw1MaD” to the beginning of the root password. This random string will mean nothing at first glance, but it’s a mnemonic for “My work is making a difference.” Another example, when used on your favorite social media site, could be “D$2mTo$m!” for “Don’t spend too much time on social media!”

For each account that you access, add an easily remembered, unique addition to your root password. Doing so will compound your password security and prevent catastrophe if one of your passwords is compromised.

3. INVEST IN A PASSWORD MANAGER

When remembering a unique password for each service you use just isn’t a workable solution, invest in a password manager to store your passwords. A password manager is a master-keeper, if you will, of every password credential that is required for access. You remember ONE PASSWORD to access the password manager; the rest are stored in the vault. Before purchasing or signing up for a service, however, you’ll want to consider a few things about the password vault itself. Good questions include:

  • Is it better to buy the password manager outright or pay a subscription?
  • Does this service support the devices you want to use it on, including your preferred browser?
  • Are the passwords you’re storing in the password manager being encrypted end-to-end?
  • Is multi-factor authentication (MFA) being employed?
  • What kind of recovery options are available if you cannot remember your login credentials for the password service itself?
  • Are passwords being stored on your device or in the cloud?

Getting clear on the password manager's functions and asking these security-related questions will help you understand how your passwords will be protected from compromise.

4. FORTIFY YOUR PASSWORD WITH MULTIFACTOR AUTHENTICATION (MFA)

One of the best ways to protect an account is to implement multifactor authentication (MFA) whenever possible. A secure password is great, but safeguarding the account with another layer of security is always better!

MFA is a security tool that requires the user to provide two or more verification factors when trying to gain access to an account or service. Verification factors fall into 3 categories: something you know, something you have, and something you are. To qualify as multi-factor, the verification methods cannot be from the same category.

Examples of something you know:

  • Password
  • PIN

Examples of something you have:

  • Badge
  • Smartphone

Examples of something you are:

  • Fingerprints
  • Voice recognition

Passwords are a necessity to prevent your online data and account access from landing in the hands of a threat actor. In addition to safe browsing techniques and always using HTTPS, a secure password system is an easy way to make sure your important banking information, email accounts, and so much more are not accessible to anyone other than you. If your business can benefit from an organizational policy about passwords or from implementing security tools to strengthen your IT network environment, TriQuest can help.

For 23 years, TriQuest Technologies has been powering the success of businesses throughout Fort Worth and Dallas. At our heart is a commitment to design reliability into every aspect of our customers’ IT system. The result? A trusted IT partner who specializes in cybersecurity, cloud migration, IT management services, and network infrastructure. TriQuest offers unlimited professional support and a wide range of services to meet your individual needs. Let’s talk about how Reliable IT can transform your business. Call us today at 817.882.8500 Ext. 2.