Our Best Practice Guide to Password Security
Never share your password with others
Passwords are the foundation of anything you do online these days, and there are very few reasons to share your password. If you are ever asked for your password in an email or phone call, always be cautious and validate the person asking.
Use different passwords for different accounts
If you use the same password across multiple platforms and one account is compromised, hackers can use those credentials to access your other sites, and changing the password everywhere becomes an enormous task. We recommend having levels of password, from day-to-day services such as ecommerce websites through to more complex passwords used only for your most secure services such as banking.
Length over complexity
When you are considering a password, making it longer is better than making it more complex. We would always recommend a minimum of 9 characters. Make your password hard to guess, but easy to remember:
- To make a password easier to remember, use a combination of words: “BluePollockSandwich”
- Avoid using a single word followed by a number, for example Password1. Hackers using dictionary attacks will guess your password in a short period of time.
- Don’t use personal information in a password that hackers could discover from social media, such as your date of birth, pet’s name or favourite colour.
Complexity is still good
To increase your password complexity, include upper and lower case letters, numbers, and special characters. A password should use at least 3 of these choices. To make the previous example more secure: “Blu3PollOckSandw!ch”
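The length, pattern and complexity rules above can be checked mechanically. The following Python checker is an added example, not part of the original guide; the function names and the `personal_info` parameter are assumptions, and the word-plus-number test is a simple pattern match rather than a dictionary lookup.

```python
import re

MIN_LENGTH = 9  # minimum length recommended by the guide


def character_classes(password):
    """Count how many of the four types (upper, lower, digit, special) appear."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def check_password(password, personal_info=()):
    """Return the guide's rules that the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    if character_classes(password) < 3:
        problems.append("uses fewer than 3 character types")
    # Heuristic for the "Password1" pattern: letters followed only by digits.
    if re.fullmatch(r"[A-Za-z]+\d+", password):
        problems.append("single word followed by a number")
    # personal_info: hypothetical list of names, dates, etc. known about the user.
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Rex" is a made-up pet's name.
    samples = [
        ("Password1", []),
        ("BluePollockSandwich", []),
        ("Blu3PollOckSandw!ch", []),
        ("Rex2015!Rex2015", ["Rex"]),
    ]
    for password, info in samples:
        problems = check_password(password, info)
        print(f"{password}: {'; '.join(problems) or 'passes the checks'}")
```

Note that Password1 meets both the length and the 3-of-4 rule and is rejected only by the pattern check, which is why the guide calls that pattern out separately.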
Using Two-Factor Authentication (2FA)
Even better than simply a secure password, two-factor authentication provides far greater security, allowing you to authenticate with a digital key or text message.
Use A Password Manager
Password managers are a great way to organize your passwords. They store your passwords securely, and many provide a way to back-up your passwords and synchronize them across multiple systems.
Check if your password has been leaked
When websites are hacked, usernames and passwords are sometimes sold online to other hackers, who use those credentials to exploit other websites. You can use a service such as https://haveibeenpwned.com/ to see what details have been released against your email address.