Today is World Password Day, so what better time to remind you to stop using something awful like Password1234 or your dog’s name.
While terrible passwords give us all a bit of a giggle, the consequences of using a bad password could be pretty catastrophic (sorry to be so dramatic).
3 tips for better password security
In the spirit of World Password Day, here are three tips for better hygiene, starting with the length. Length matters, folks.
1. It’s all about the length
Complex is out, length is in. Historically, policies encouraged you to create complex p-words composed of lowercase and uppercase letters, numbers and symbols and it felt like they wanted a hieroglyph and the blood of your first-born child, too. But Secureworks reckons password-cracking tools are too advanced nowadays and these types of password recommendations have been rendered inadequate.
Fun fact: in December 2021, the World Economic Forum reported that an eight-letter password containing one uppercase letter could be cracked in as little as 22 minutes.
So instead of Spotthedog1!, aim for something like iL0v3mylA8rad0r$P0t.
If that’s too hard for you to remember, here’s our guide on password generators and how to use them.
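The length-over-complexity point in tip 1, as an added example that is not part of the original article: it compares the exhaustive search space of a short "complex" password with a long simple one and applies a length-first check. The 15-character minimum, the deny-list and the two sample strings `Xk7#pQ2!` and `quietlakemorningfog` are assumptions constructed for illustration.

```python
import math
import string

# Assumption: illustrative length-first threshold, not a figure from the article.
MIN_LENGTH = 15
# Constructed deny-list; a real deployment would load a breached-password corpus.
COMMON = {"password1234", "password", "123456", "qwerty", "letmein"}

POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]
OTHER_POOL_SIZE = 32  # assumption: nominal size for spaces/non-ASCII characters


def alphabet_size(pw: str) -> int:
    """Size of the smallest standard character pool that covers pw."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in pw))
    if any(all(c not in pool for pool in POOLS) for c in pw):
        size += OTHER_POOL_SIZE
    return size


def search_space_bits(pw: str) -> float:
    """log2 of the brute-force search space (pool size ** length).

    This is an upper bound that only holds for randomly chosen characters;
    dictionary words and predictable substitutions are guessed far sooner.
    """
    if not pw:
        return 0.0
    return len(pw) * math.log2(alphabet_size(pw))


def check_policy(pw: str) -> tuple[bool, str]:
    """Length-first policy: no composition rules, only a deny-list and a minimum length."""
    if pw.lower() in COMMON:
        return False, "on common-password list"
    if len(pw) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    return True, "ok"


if __name__ == "__main__":
    samples = ["Password1234", "Xk7#pQ2!", "Spotthedog1!",
               "quietlakemorningfog", "iL0v3mylA8rad0r$P0t"]
    for pw in samples:
        ok, reason = check_policy(pw)
        print(f"{pw:22} len={len(pw):2} pool={alphabet_size(pw):2} "
              f"bits={search_space_bits(pw):6.1f} accepted={ok} ({reason})")
```

Each extra character adds log2(pool size) bits, while adding a whole character class to a short password only nudges the per-character figure, which is why the 19-character lowercase sample outscores the 8-character one that uses all four classes.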
2. Multi-factor authentication
This one requires some non-lazy behaviour – supplement passwords with multi-factor authentication (MFA, sometimes called 2FA for two-factor authentication). The reason is, no matter how schmick your p-word is, super important stuff like email or banking should have a little more protection than a different way to say you love your dog.
MFA/2FA requires a minimum of two types of authentication, typically consisting of ‘something you know’ (e.g., a password), ‘something you have’ (e.g., an authenticator app or cyber token) or ‘something you are’ (e.g., biometrics). Secureworks reckons the ‘something you are’ is the best type, as biometrics are super individual.
Here’s a little more information on MFA.
3. Don’t store passwords in your browser
We all do it. It makes signing into everything a lot faster on your browser. But while this option may seem convenient, it is poor p-word management. We delve a little deeper into the issues with storing passwords in your browser over here, but the TL;DR is that threat actors could access these saved credentials by manipulating cookies or by stealing the actual device.
Password management solutions such as KeePass or LastPass securely store and encrypt passwords and passphrases, making it far more challenging for a threat actor to gain access to them, so they’re worth looking into.
If you want to practise better security hygiene as a whole, check out our complete guide to not getting hacked.