Your passwords are central elements of cyber security. Creating and managing them is crucial to protecting your business reputation and resources.
Here are tested-and-proven password tips to protect yourself against hackers:
1. Don't Use Weak Passwords
Weak passwords are the primary targets of hackers. In fact, 30% of security breaches are caused by weak passwords!
Here are the elements of a good password:
- A combination of uppercase and lowercase letters
- At least eight (8) characters
- At least one number and one symbol (e.g. punctuation mark)
- Don’t use common passwords such as “PassWord123!” or “Qwerty123”, because brute-force guessing (hackers automatically trying lists of common passwords) will crack them in no time.
The bottom line is: no matter how much of a hassle it may be, use a different password for each online account. The passwords must also be genuinely different: don’t just add the number “1” or a “!” as an extra character. When hackers get into one of your accounts, they will notice such patterns and try them against your other accounts.
2. Never Use the Same Password Twice
Because so many websites require passwords, you may be tempted to reuse the same password many times. This is a bad idea.
Think about it: if hackers successfully breach a website, they will then try the stolen credentials against your other accounts, including Amazon, PayPal or other sites where you might store credit card information.
Hackers also sell your username, e-mail address, password and confidential information on the dark web. Buyers of stolen passwords will then try these credentials against many websites.
If you reuse a password on multiple websites, hackers can use it to access your other accounts. They use software to try username-password combinations automatically and relentlessly (known as credential stuffing).
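The checks from tips 1 and 2 (length, character classes, common passwords, trivial “add a 1 or !” variants, and reuse across accounts) as one added example; this is not code from the original article, and the common-password list is a constructed sample rather than a real breach list:

```python
import re

# Constructed sample of common passwords; a real check would use a large breach-derived list.
COMMON_PASSWORDS = {"password", "password123", "qwerty", "qwerty123",
                    "123456", "letmein", "welcome"}

def base_form(password: str) -> str:
    """Lower-case the password and strip trailing digits/symbols, so that
    'PassWord123!' and 'password1' both map to 'password'. This catches the
    'just add a 1 or !' variants the article warns about (a heuristic, not exact)."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def password_problems(password: str) -> list:
    """Return the list of rules the password fails; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if password.lower() in COMMON_PASSWORDS or base_form(password) in COMMON_PASSWORDS:
        problems.append("common password or a trivial variant of one")
    return problems

def is_acceptable(password: str) -> bool:
    return not password_problems(password)

def find_reuse(accounts: dict) -> dict:
    """Given {account_name: password}, group accounts whose passwords share a base
    form. Any group with more than one account is reuse (or a trivial variant)."""
    groups = {}
    for account, password in accounts.items():
        groups.setdefault(base_form(password), []).append(account)
    return {form: names for form, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    # Constructed sample vault: 'bank' and 'shop' differ only by case and a trailing '!'.
    vault = {"bank": "Summer2023!", "shop": "summer2023", "mail": "x9Qv!3kLp#"}
    for name, pw in vault.items():
        print(name, password_problems(pw) or "ok")
    print("reused:", find_reuse(vault))
```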
3. Use a Professional-Grade Password Manager
The best passwords are unique and complex, but such passwords are a giant pain to remember. They must be generated uniquely and stored safely.
We do not recommend storing your passwords in Excel files, Word docs, note-taking software or your e-mails. Those files can be read by other individuals, companies or attackers, or you might share them unknowingly.
We recommend a professional-grade password manager such as LastPass or Password Boss. These generate complex passwords, fill them in only on the matching sites, and warn you about suspicious usage.
Just remember: the one password that unlocks your password manager must be unique, complex and well protected!
4. Don't Store Passwords in Your Browser
Storing passwords and credit card info in your browser leaves you very vulnerable to hackers.
First, when you leave your computer momentarily, anyone can log into your accounts. Second, browser-based password managers lack the security and features of a dedicated password manager.
This is why we recommend using a professional-grade password manager. With one, you create, store and use complex passwords securely without forgetting or exposing them.
Watch Out for Unauthorized Password Requests
When cyber criminals get hold of your username, they will try to reset your password and then contact you for the confirmation code.
If you receive password-change requests that you did not initiate, this could be an attacker trying to get into your accounts.
Hackers may ask you for these codes in a hurried or deceptive manner. Always remember that such codes are strictly confidential. Never give them to anyone.
5. Breaches and The Dark Web
Remember that when a website is breached, its usernames and passwords may then be sold on the dark web. A reused password is therefore a serious threat to every account that shares it.
6. Auto-Require Password after Inactivity
When you leave your computer unattended in public, malicious individuals may surreptitiously access your accounts.
That’s why you need to lock your device with a PIN or password. Better still, enable automatic locking after a few minutes of inactivity and develop the habit of logging out of websites when you’re done using them.
7. Multi-Factor or Dual-Factor Authentication
Two-factor or multi-factor authentication (2FA or MFA) is a mechanism that verifies your identity through a second method, required after you enter your username and password.
It provides a system-generated code or asks you to approve a prompt on your mobile device. Sounds annoying? It’s not that bad. Here’s an example:
Once you enable 2FA on your Gmail account, every time you log in you will be asked to complete another identity-verifying step: either opening your Gmail app and tapping “Yes”, or opening your Google Authenticator app to get the system-generated code, which changes every 20 seconds.
2FA/MFA is crucial because it prevents hackers from logging in even if they have already cracked your password.
8. Train Your Employees
Once the basic foundations of password-management are in place, the next most important thing is to train your employees. This training includes:
- How to create strong passwords
- How to recognize a phishing e-mail
- What websites to never access
- Proper use of company devices such as never accessing company email or applications with unprotected home PCs and devices.
At the end of the training, have them agree to an Acceptable Use Policy (AUP). This is so that they take ownership of their role in protecting company data and resources.
Never assume your employees know everything they need to know about cyber security.
Threats are ever-evolving and attacks are getting more sophisticated by the minute, so regular cyber security training is important.
9. The One Password You Will Really Protect
The password to your e-mail is the one thing you have to protect at all costs. Make sure it is highly complex, hard to guess and kept up to date.
Why? Because your email is the direct gateway to all your clients, employees, friends or associates. A hacker can use your e-mail to steal from all of them.
Also, your e-mail is the default instrument to reset passwords on everything: CRMs, bank accounts, financial software, etc. A compromised email is a compromise of the rest.
Hackers can even access your notes, appointments and files in your Office 365 or Google account which they can take advantage of!
10. Call the Person for Highly-Confidential Transactions or Communications
Here’s a real-world situation: you receive an e-mail from a legitimate address belonging to someone you know and trust. It could be your boss, spouse or another trusted person. They may be asking for confidential data such as social security numbers or tax information. They could also ask you to transfer a payment to a different bank account.
Despite all the signs of legitimacy, the message may still have come from hackers who intercepted the e-mail conversation and modified it.
If this happens to you, always double-check by calling that person to confirm. Even if that person indeed requested such confidential information, never send such data without password protection or encryption.