By Lara Evans Bracciante
To help ABMP members stay safe in the digital world, we are running a short blog series on cybersecurity and how you can protect your personal information and your computer and digital devices from today’s bad actors. Here is the fourth installment on the best practices to use when managing passwords and protecting your account security.
Passwords have become the bane and the blessing of our digital lives. We need them to protect our personal data and accounts, but keeping track of them can be tedious and frustrating. The good news is that following a few simple steps can help you protect your digital comings and goings and ensure your accounts are safe.
Best Practices for Passwords
- Use multifactor authentication whenever available. This is the process that says, “We have texted you a code to input here.”
- Implement different passwords for different systems and accounts. If your social media account is hacked and you’re using the same password on your bank account, this could cause a lot of trouble.
- Create long and complex passwords. These are harder to hack.
- Don’t use “real” words in any language. Hackers can set up “dictionary” bots that will literally try them all.
- Avoid using personal information, like pet names or kids’ birthdays. And never use obvious passwords, like, well, Password or Password123. Otherwise, getting compromised is just a matter of time.
- For your most sensitive accounts, some experts suggest you update your password at least every 10 weeks.
- Don’t share your passwords. Just don’t—even when it would be more convenient.
- Don’t write them down.
It’s pretty much a given that if you do, in fact, follow the above guidelines, you will never actually remember all your passwords. So now what?
Various devices and web browsers may suggest a strong password, something random and unrecognizable, and then store it for you until you need it. Is this safe? Well, kind of. The security of your device or browser password manager relies on the first line of defense: the login to your phone or Google account, for example. If this is breached, access to your accounts is wide open. You may decide to go this route, and it certainly lowers the risk, but it doesn’t totally eliminate it.
Another option is to use a “real” password manager program, meaning an encrypted digital vault that stores all your secure password information. There are downsides to this; for one, you’ll still need to remember the password to your password program. (Yes, it’s exhausting, but don’t give up! This is important!)
Depending on what you need, there are free versions and some you have to pay for. Visit CNET’s “Best Password Manager to Use for 2022” for a snapshot of options and what’s best for you.
It’s easy to get complacent when you’re logging in to several different accounts each day, but being proactive is ultimately much more efficient (and a lot less stressful) than having to react after you’ve been compromised.
Lara Evans Bracciante is ABMP’s senior director of Information Technology & Member Service Operations.
• “Avoiding Social Engineering Scams: How to Spot Hackers Knocking at Your Digital Door” (Part 1 of ABMP’s cybersecurity blog series). Read Part 1 here: www.abmp.com/updates/blog-posts/avoiding-social-engineering-scams-how-spot-hackers-knocking-your-digital-door
• “Antivirus Software can Help Protect You and Your Clients” (Part 2 of ABMP’s cybersecurity blog series). Read Part 2 here: www.abmp.com/updates/blog-posts/antivirus-software-can-help-protect-you-and-your-clients-5
• “How Safe is Public Wi-Fi? Implementing Best Practices in (Digital) Public Spaces” (Part 3 of ABMP’s cybersecurity blog series). Read Part 3 here: www.abmp.com/updates/blog-posts/how-safe-public-wi-fi-implementing-best-practices-digital-public-spaces