Data breaches are not always the result of sophisticated snooping techniques. Studies have shown time and again that a sizable number of data breaches were the result of easy-to-crack passwords. Choosing a new password is therefore no easy feat today. And as the world goes increasingly digital, the ‘right’ password is one that meets a whole host of requirements.
Surprisingly, it is not only ordinary users: a dizzying number of the world’s CEOs and business owners also use ridiculously weak and dangerously simple passwords, such as “123456,” “password,” “qwerty” and the like, according to a new report.
It is therefore time to wake up and smell the coffee. Here are some common practices you should follow to keep your password safe, secure and protected.
Keep strong and complex passwords
Using simple phrases or dates that are significant to the user’s personal life as passwords is a common practice, but this habit seriously reduces the strength of a password. Cyber criminals find it quite easy to get information such as birthdays and anniversaries. To avoid this, always create a password between 8 and 20 characters long and use as many characters as you can. If possible, combine different numbers, upper- and lower-case letters, and symbols such as %$&@# in each password.
Don’t use the same password
Whenever you are creating a new ID, don’t use the same password you use for your email or other online services. This can make your information vulnerable. Try to have different passwords for different accounts.
Never write down your password
To keep your password safe, avoid storing it on an online platform or in a physical notebook. Storing passwords in Excel is also risky and dangerous. Store your passwords only in a password manager, as it is the simplest and safest way to store passwords.
Always log out from the device
We often forget to sign out of an account, especially when working from a home PC or laptop, but it is important to sign out every time you log in. Doing so will keep you safe as well as help you memorise your password. Also avoid auto-saving passwords, another mistake we make unknowingly: the device prompts you to save the password and you sometimes tap OK without thinking. And if you are using a public network, logging out from that device is absolutely necessary.
Keep changing your password
You don't need to change your passwords every 60 or 90 days. That was a long-accepted practice: people used to make a schedule and change their passwords from time to time. Now you can keep using the same password unless you suspect that your passwords have been exposed, so you don't need to change them periodically.
Free Wi-Fi is a trap!
For that matter, anything that is free comes at a price, and more so in the digital world! Whether at the airport, in the hotel or at somebody else’s house, you should verify the network before accessing it. You can use a VPN to ensure that your traffic is safe and encrypted.
Make 2FA the norm
Two-factor authentication (2FA) or two-step verification offers an extra layer of security. Once you enable two-factor authentication, you will need your password to log in to your account, along with a secondary login method: either a code, a login confirmation via an app or a physical security key. In other words, even if a hacker does uncover your password, they won't be able to access your account without your trusted device (like your phone) and the verification code that confirms it's you.
What about going passwordless
Today, users are moving towards passwordless authentication. A passwordless authentication system is one that swaps the traditional password for alternatives such as biometric signatures, a secret token delivered via email or text message, cryptographic keys or PINs to verify users. Many believe passwordless authentication is the future and a big boon in a world full of bad actors.
Then what about passwords in Web 3.0...
As we enter the world of Web 3, would passwords become completely redundant? While we leave that debate for another day, here is a word or two on logging onto Web 3 in a hassle-free way. Producing unique signatures and determining the authenticity of a transaction is one of the key components of blockchain technology. So, in a decentralised web, each participant holds a secret key, which participants can then use to identify each other. If done properly, logging in should take no more than a single button press followed by a confirmation.
Keep these scenarios in mind as you navigate the Internet of today, and of the future, and don't let yourself be an easy target!