Editor’s note: As part of Cybersecurity Awareness Month, we’re sharing tips for living a more secure online life.
When you go to bed at night, do you just latch the screen door? Probably not. You most likely also lock the front door, throw the deadbolt, and maybe even engage a security system, too.
None of this means no one can get into your house, but it sure makes it harder – and that makes it more secure.
But what about your passwords? Are they the equivalent of a latched screen door, or a top-rated security system?
You always hear how important it is to have strong passwords. But what makes a password strong? Is it super-complicated and hard to remember? Fortunately, you can make passwords that are both strong and easy to remember.
A longer password is better
Instead of using a password, consider a passphrase. This can be either a random collection of at least four words or a short memorable sentence. If the password requires uppercase, lowercase, numbers, and/or special characters, it’s easy to randomly add those in and still create a password you can remember. For example:
- gre*enDog loves 3purpleshoes
- feraL attic grAss&italy
Avoid famous quotes or common phrases, though — those would be easy for a hacker to crack.
Use a password manager
A password manager is an app that acts like an encrypted digital vault. It stores all your login information and helps you maintain unique passwords for each website and app that you use.
For your home or personal passwords, consider using a password manager like LastPass, 1Password, or Dashlane. With these, you only have to remember one (very strong, please!) password, and the password manager does the rest for you.
Just be sure you can remember your main password – and make it as strong as you possibly can.
If two-factor authentication is an option, use it
What is two-factor authentication? When you log in to your account, two-factor authentication requires both your password and something else (like a fingerprint or a numerical code generated by an app on your phone).
This adds an extra layer of security. Even if an attacker gets your password, they still can't access your account without that second factor.
If you haven’t already, you’ll want to set this up for things like your bank account, your email account, and anything else that is important to you.
You can use apps like Google Authenticator or Imprivata ID to generate a unique code for one-time use or, if necessary, a text message can be sent to your phone with that code. Bottom line — if a website or application offers two-factor authentication, opt in. It’s worth it.
We could, and probably will, write an entire article on things you shouldn’t do with your passwords, but here’s the most important one: don’t reuse passwords across different accounts or sites.
Once an attacker has your password, they’ll figure you most likely used that same one in other places, and they’ll try it out. If that happens to be on your bank’s site or your email, you’ll have a big mess to clean up.
Over 80 percent of breaches are caused by weak or reused passwords, so don’t just latch the screen door. Instead, use the tips above to make sure all your information is locked up just as securely as your possessions.
Jeri Leonard, CISSP, is a senior security engineer with Spartanburg Regional’s Information Security department.