How To Protect Your Passwords
Password Hygiene Best Practices
Nathan Hunstad – Principal Security Researcher and Engineer, Code42
These days, people use countless passwords for many daily activities and tasks. These passwords protect your most sensitive data, whether that is financial data, health data, or just your favorite family vacation photos. Because passwords are so important, criminals are always working to capture, compromise, or otherwise gain access to passwords to get to things that they shouldn’t. So how can you create stronger passwords and better safeguarding techniques for all of your important logins?
First, you need to understand how passwords can be hacked, then you’ll know how to create stronger passwords. Follow along below as we cover what you need to know about password hacking and crucial password protection tips to keep your important information safe.
How can passwords be compromised?
There are several ways that passwords can be compromised:
Brute Force Attack: A brute force attack is when an attacker tries a very large list of possible passwords, such as words from a dictionary, to try and guess the right one.
Credential Stuffing: Credential stuffing is when an attacker takes a large list of usernames and passwords from a data breach and tries them against other services, like banking websites, to determine if those passwords were reused and thus provide access to the account.
Hash Cracking: Hash cracking is when attackers gain access to a database of stored passwords that have been hashed, which is a way of obfuscating the password. They then attempt to reverse the obfuscation to get the original password.
Password hygiene tips to live by
With so many ways to compromise passwords, it may seem like it is impossible to protect your password and keep it safe. That is definitely not the case! By consistently engaging in a few password security tips and account best practices, you can dramatically reduce the chance that your accounts will be compromised:
- Use strong passwords: Use long passwords or passphrases that are complex and combine uppercase letters, lowercase letters, numbers, and symbols. The best passwords are long (more than 16 characters) and completely random.
- Never reuse passwords: Use a separate password for each service you use.
- Be careful where you enter your password: Beware of entering passwords on websites that don’t show the lock indicating that traffic is encrypted, opening links that you get via email, and working on untrusted wireless networks.
- Enable Two-Factor Authentication: While not strictly a password best practice, enabling two-factor authentication (2FA) on every service that has it means that even if your password is compromised, the second authentication factor, such as an SMS text or a time-based code from an app like Google Authenticator, is still protecting your accounts. Use our instructions to enable two-factor authentication for your CrashPlan for Small Business portal.
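The first two tips above can be checked mechanically. The following is an added example, not code from Code42 or CrashPlan: it generates a long random password containing all four character classes and audits a list of logins for short, weak, or reused passwords. The `service -> password` dictionary format, the function names, and the sample entries are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes named in the tip: uppercase, lowercase, numbers, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 17  # "more than 16 characters"

def generate_password(length=20):
    """Return a random password from the OS CSPRNG that uses all four classes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the draw uniform over qualifying passwords.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))

def audit(vault):
    """Map each service to the tips its password breaks.

    vault: dict of service name -> password (hypothetical export format).
    """
    by_password = defaultdict(list)
    for service, password in vault.items():
        by_password[password].append(service)
    findings = {}
    for service, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("too short")
        if not all(any(ch in cls for ch in password) for cls in CLASSES):
            problems.append("missing character class")
        if len(by_password[password]) > 1:
            problems.append("reused")
        if problems:
            findings[service] = problems
    return findings

# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {"bank": "Summer2023!", "email": "Summer2023!",
                "photos": generate_password()}
```

Running `audit(SAMPLE_VAULT)` flags the two constructed logins that share one short password and leaves the generated one alone.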
How often should you change your password?
The National Institute of Standards and Technology (NIST) actually suggests people should change their passwords less often.
Consider changing passwords every three months, instead of every month. The only other time you’ll want to do a sweep is when you face a security threat. If you have a reason to be suspicious, like you’ve received a Google alert email, or you have evidence of malware on your devices, then it’s time to do a complete password-change sweep.
If you already follow password hygiene best practices, then you do not have to worry about constantly changing passwords — you should have peace of mind that your important data is secure.
How can you remember many different passwords?
Of course, it’s next to impossible to keep all of your long, random passwords in your head, so using a password manager makes generating, saving, and using passwords much easier. There are many free password managers available that can manage your passwords for you, as well as paid services that provide cross-device syncing, sharing, and reporting.
Our expert advice: Choose whatever tool works best for you, as a password manager does no good if you don’t use it!
By taking these steps to protect your passwords, you can rest easy knowing you are doing all you can to protect your private data.
Protect your devices from malware threats
Keeping your devices secure will help you avoid becoming an easy target of malicious software threats. After all, the more difficult your information is to hack, the more likely a hacker will move on to their next target. As you work to incorporate these password protection tips, learn more about CrashPlan to see how you can improve your overall computer security for every device and every employee.