May 5th, 2022 marks World Password Day, the first Thursday in May. World Password Day is a good reminder for everyone to review their passwords, change them, and make sure they are strong and secure. How can you make yours stronger? Check out these three tips.
Not a password, a passphrase
Passwords can be hard to remember, which is why 76% of people use the same one for most, if not all, websites and programs. Using the same password for everything can be very dangerous, especially if it’s easy to guess. We encourage you to create a passphrase instead. A passphrase, like lyrics from a song, or quote from a favorite movie, can be easy to remember, but very difficult to guess. Combining a phrase with upper and lower case letters, numbers, and symbols will make it even more difficult for a hacker to guess. The National Institute for Standards and Technology (NIST) has a helpful video on how to create a strong passphrase here.
Use as many different passwords as possible
Because using the same password for different websites, programs, and institutions is so common, hackers know that if they can get just one they probably will have access to all of your accounts. It’s important to use as many different passwords as possible, that way if one is compromised, not all of your accounts are at risk. If it’s difficult for you to remember different passwords, try using a protected password vault. These programs will protect all of your passwords, so you’ll only need to remember one to access them.
Utilize multi-factor authentication
Most websites and institutions will require multi-factor authentication (also known as MFA or 2FA), in addition to a password. Why? Because having a single barrier of entry is no longer safe enough. Multi-factor authentication is using a second method in addition to your password in order to verify that it is in fact you that is logging in. Common MFA tools include apps that send an alert to your phone asking for verification. Text messages, key codes, and other devices and services are also methods that can be used for MFA. The general rule for multi-factor authentication is: use something you know, something you have, and/or something you are.
Should your password be compromised and a hacker attempts to log in, they will be forced to send a notification to you asking for ‘verification’. Only verify if it is really you attempting to log in. If not, contact the company or login administrator as soon as possible.
World Password Day: Change your password
Finally, a simple way to protect yourself is to change your password(s) regularly. If your organization doesn’t already require regular resets, then set a reminder for yourself to change yours at least every 6 months, if not sooner, starting with today, World Password Day.