Password Security

Writing down your email password “Unbreakable-in-year04” on paper and taping it to the underside of your keyboard is not a good password security strategy. Just because the password is not visible to everyone does not mean it is secure. Anyone who has access to your area will, in theory, have access to the password on the bottom of your keyboard. Developing a strong password but not taking the time to commit it to memory defeats the purpose. Your password should be unique and difficult to guess, but easy for you to remember. This post offers suggestions you can implement to keep your password from being easily discovered, guessed, or cracked.

To begin, look at passwords you should not use. Start by building a password blacklist of common words you are not allowed to use when creating your password. This idea takes a page from brute-force attack tactics, which use massive lists of common passwords to figure out (crack) a password. Here you turn the idea around and use it for defense, creating a password that is not likely to appear on a hacker’s list. A common word with numbers or special characters substituted for letters should be avoided. Take the example “p@ssw0rd”, which replaces ‘a’ with ‘@’ and the letter ‘o’ with zero. This is a common password that would be included on your blacklist of do-not-use passwords. It is recommended that you not use a password under 12 characters in length. This poses a problem, since most individuals find it difficult to recall more than 10 characters. However, there is a solution to this dilemma that almost everyone can implement.

From early childhood education, most individuals have been trained to remember complex words. Crafting a long passphrase composed of four or more words can yield a 14-character passphrase that is difficult for an attacker to crack with a brute-force or dictionary attack. Additionally, you can easily remember the passphrase, since it is an arrangement of words that you can order in whatever way suits you best. For example, suppose you decide to use the following four words: ripped, horse, hole, pants. These can be combined into a 20-character passphrase, “horserippedholepants”, or, to make it easier to remember, you can add “in” to make it “horserippedholeinpants”, which is 22 characters long.
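The blacklist and length rules above can be checked mechanically. The following is an added example, not part of the original post: the blocklist entries, the substitution map, and the function names are assumptions made for illustration, and it goes slightly beyond the post by also stripping trailing digits and symbols before the lookup.

```python
import unicodedata

MIN_LENGTH = 12  # minimum length recommended in the post

# Constructed sample blocklist; a real list would hold many thousands of entries.
BLOCKLIST = {"password", "letmein", "qwerty", "welcome", "dragon", "football"}

# Assumed map of common character swaps, undone before the blocklist lookup.
SWAPS = {"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s",
         "7": "t", "!": "i"}
# "1" is ambiguous (l or i), so build one translation table for each reading.
TABLES = [str.maketrans({**SWAPS, "1": one}) for one in ("l", "i")]


def candidates(password):
    """Return the plain-word forms a substituted password could stand for."""
    folded = unicodedata.normalize("NFKC", password).lower()
    # Drop a trailing run of digits/symbols: "p@ssw0rd2024!" -> "p@ssw0rd".
    core = folded.rstrip("0123456789!?.#*") or folded
    return {core.translate(table) for table in TABLES}


def check_password(password):
    """Return the reasons to reject a password; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidates(password) & BLOCKLIST:
        problems.append("blocklisted word")
    return problems


if __name__ == "__main__":
    for pw in ("p@ssw0rd", "P@ssw0rd2024!", "l3tm31n", "horserippedholeinpants"):
        print(pw, "->", check_password(pw) or "ok")
```

Padding a blacklisted word out to 12 characters with a year and a symbol still fails the check, while the four-word passphrase from the post passes both rules.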

To keep from having to recall multiple passwords every time you access an online account, you can use a password manager program to store your different passwords. Password managers allow you to store a separate password for each website you access. By having different passwords, you significantly reduce your exposure to online account compromise. There are many password managers to choose from. Some can generate password recommendations for your online accounts. Another feature they offer is automatic alerts when one of the websites or services you use has been breached. If you decide to use a password manager, select one of the more well-known names. A quick Internet search can provide you with the top five or ten password manager software names.

In addition to a strong password, use another authentication method in conjunction with it to elevate your password security strategy. Two-factor authentication (2FA) can be set up so that you receive a one-time passcode via text, email, phone call, software token, or hardware token that must be entered after your username and password. Google and Microsoft offer free software-based tokens for 2FA. Many websites have made 2FA available to users. Navigate to your online account security settings to check. Using 2FA combines something you know (username and password) with something you have (e.g., a mobile phone) to reduce the risk of cyber attackers accessing your online account data.

These four things combined will assist in ensuring your accounts are less vulnerable to cyber criminals. But remember there is no one “set it and forget it” online security strategy. You must remain aware of the tools available to you.

Don’t forget to bookmark Alabama Cybersecurity (https://cybersecurity.alabama.gov/) to stay informed on the latest issues and useful tips to stay safe online.