1. Make The Password Long
The longer your password is, the harder it will be to crack or guess. Any password longer than 8 characters will most likely be very secure but ideally you should make your password somewhere from 14 to 16 characters.
2. Complexity
When you create your password, make sure it doesn’t contain any logical progression of characters or numbers. Characters should be completely random and as mixed as possible. Don’t use any sequence of characters from your keyboard or include any other easily guessed phrases like your name, pet name, date of birth or other easily identifiable information.
3. Letters (Uppercase and Lowercase), Numbers, Symbols
You always want to ensure that your password includes a random mashup of characters: letters, numbers and symbols such as “#”, “@” and “!”. Also remember to include both uppercase and lowercase characters.
4. Personal Information
Don’t include any personal information like names, surnames, pets, ID numbers, PIN numbers, car make or model. You want to keep your password as random as possible, which will make it much harder to guess.
5. Old Passwords
We’ve seen users simply use their old password and add a character onto the end like an exclamation mark. You don’t want to do this because if your old password is leaked or known then your new password will be easily cracked.
6. Password Managers
Most password managers today sync your saved passwords to a cloud service of some sort. The companies that create these password managers are at huge risk of being hacked or hit by ransomware, with any stored credentials being taken. A good example of this in recent months is LastPass, who were breached on 22 December 2022 and have recently released an updated statement on the breach, which you can read more about here:
https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions
7. Writing Passwords Down
With the barrage of online services that we have to deal with in an age of everything online, users often keep their passwords written down on sticky notes or in a notebook. This presents a big risk to your online security: if all of your passwords are in one place, they can be taken off a desk and most likely used before you realise or have the chance to change them. To mitigate this risk, we advise setting up multifactor authentication of some sort for every online service you use so that if your password does get stolen you will be notified when someone tries to log into your account.
8. Change Passwords Regularly
Changing your password at least every 3 months reduces risk significantly, especially for highly critical or important services. Databases with hundreds of thousands of passwords are leaked all the time, so changing your password regularly will ensure that any password you have used that is floating around the deep and dark web becomes useless.
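Tips 1 to 5 above (length, no sequences, mixed character types, no personal information, no recycled old passwords) can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, symbol set, sequence list and sample values are assumptions chosen for illustration.

```python
import secrets
import string

# Added example: names, symbol set and sequence list are illustrative assumptions.
SYMBOLS = "#@!$%&*?-_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Keyboard rows and simple progressions to scan for (not exhaustive).
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase, string.digits]
MIN_LENGTH = 14  # the article recommends 14 to 16 characters


def has_sequence(pw, run=3):
    """True if pw contains `run` adjacent characters of a known sequence,
    forwards or backwards (e.g. "qwe", "321")."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw, personal=(), old_passwords=()):
    """Return the list of rules from tips 1-5 that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    # Needs lowercase, uppercase, a digit and at least one non-alphanumeric symbol.
    if not all(any(c in cls for c in pw) for cls in classes) or pw.isalnum():
        problems.append("missing character class")
    if has_sequence(pw):
        problems.append("keyboard or alphabet sequence")
    low = pw.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    # Tip 5: an old password reused outright or with characters tacked on.
    if any(old and old.lower() in low for old in old_passwords):
        problems.append("derived from an old password")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the candidate passes every check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```

Pass your own names, dates and previous passwords in `personal` and `old_passwords` so the check reflects what someone who knows you, or holds a leaked credential, could guess.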
Summary
In summary, passwords are still widely used by most users purely because they are the easiest form of security to set up quickly. In today’s I.T. ecosystem it is absolutely crucial to make use of multifactor authentication such as two-step, tokens, smartcards, fingerprint, facial recognition and many others.