When it comes to creating passwords, the requirements for strong password creation seem to be a moving target. Why? Because hackers are always coming up with new ways to try to get access to your accounts.
So what are the latest recommendations? How many characters should a password have? How often should a password be changed? Do I need MFA? Read on...
Change Passwords Every 60-90 Days
Passwords should be changed across all accounts every 60-90 days at the very least. Be sure you’re also using Multi-factor Authentication (MFA) on all your accounts, and use a password manager to increase your password security and help you remember all the secure passwords you create.
Never Use the Same Password for Multiple Accounts
Having the same password across multiple accounts will end up being an issue when it comes to security. If a hacker gets your password, they will use it to access all your accounts! Always use different passwords. The golden rule in security is never to use the same password twice and never to use any personal information in your passwords. Don’t use names, pets, birthdays, anniversaries, addresses, Social Security numbers, children’s names, etc. for your passwords. Passwords should always be a random combination of letters, numbers, symbols, or unrelated phrases.
Password Strength Should be Strong
Passwords should always be strong. Weak passwords will allow hackers to quickly crack your password. The current recommendation is to use at least 14 characters with a mixture of upper and lowercase letters, numbers, and symbols. Another option is to build a password from a favorite long quotation by taking the first letter of each word and keeping the punctuation. For example:
“Be yourself; everyone else is already taken. -Oscar Wilde 1854”
becomes this: By;eeiat.-OW1854
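An added example (not from the original article): Python that applies the first-letter rule to the quotation above, checks a password against the 14-character mixed-character recommendation, and generates a random compliant password the way a password manager would. The function names, the 20-character default and the weak sample password are assumptions made for this example.

```python
import re
import secrets
import string

MIN_LENGTH = 14  # minimum length recommended in the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def policy_gaps(password):
    """Return which of the article's strength requirements are not met."""
    checks = {
        "length": len(password) >= MIN_LENGTH,
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def from_quotation(quote):
    """Keep the first letter of each word plus all punctuation and digits."""
    # Delete every letter (or apostrophe) that directly follows a letter,
    # so "yourself;" -> "y;", "-Oscar" -> "-O" and "1854" is left whole.
    return "".join(
        re.sub(r"(?<=[A-Za-z])[A-Za-z']+", "", word) for word in quote.split()
    )


def generate_password(length=20):
    """Random password from the OS CSPRNG that satisfies policy_gaps()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Rejection sampling: redraw the whole string rather than patching
        # characters in, so every compliant password is equally likely.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_gaps(candidate):
            return candidate


if __name__ == "__main__":
    quote = "Be yourself; everyone else is already taken. -Oscar Wilde 1854"
    derived = from_quotation(quote)
    print(derived, policy_gaps(derived))
    print(policy_gaps("Summer2024!"))  # constructed weak sample
    print(generate_password())
```

The check covers only length and character mix; it does not measure how guessable a source quotation is, so the randomly generated form is the one to store in a password manager.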
Use a Password Manager
Obviously, longer passwords, and more of them, can cause headaches when it comes to remembering them across all your accounts. Password managers are great not only for storing your passwords but also for helping you create truly complex passwords that are hard to hack. The password manager you choose should store the passwords you create in an encrypted database.
Never store your passwords in a Google doc or Word doc as any hack on your account will give away the keys to your security kingdom.
Install Multi-Factor Authentication
When it comes to account security, MFA is your best friend. It's an excellent failsafe for when your password is hacked. With MFA turned on, you will be notified to approve account access attempts. Without approval, the hacker is denied entry. Learn more about MFA.
Make Time to Change your Passwords
Make sure you set aside enough time to go through all your passwords and update your password manager with the new ones. Doing this every 60-90 days requires dedication and time. However, the time you spend securing your passwords correctly is time and stress you'll save by not having to regain access to your personal and financial information after being hacked.
For questions on password security best practices for your organization, contact PCS.
To help educate your team, access a downloadable PDF of the Password Security Best Practices.