Password Security Guidelines and Management


Research continues to evolve regarding password best practices in order to stay ahead of cybercriminals. While some of the following advice may sound familiar, other points are based on new information.

Don’t get personal: Your job is to make life difficult for a hacker. Providing personally identifiable information (PII) in your passwords—such as your name, birthdate, home town, house number or pet’s name—that cybercriminals can uncover through public records or social media accounts gives them a head start at cracking your passwords.

Emphasize length: Generally, longer passwords are less likely to be cracked. Focus on generating passwords that are at least eight characters; even bumping them by a few more characters makes your password exponentially harder to guess.

Also, when possible consider using passphrases instead of a password built around a single word or a series of letters, characters and numerals. The passphrase should consist of at least several words. (It’s fine to use a nonsensical collection of random words.) Choose a passphrase that’s easy for you to remember, but don’t include any PII.

Use a unique password for each account: With an estimated 66% of Americans using the same password for multiple accounts, this won’t be popular advice. But it’s essential for your security.

Using a different password for every account limits the damage if your credentials are compromised. If you reuse passwords and a hacker steals one of them, they can go on a devastating spree across multiple accounts that could wipe out your savings, max out your credit cards, hijack your social media accounts, seize your private photos, gain access to your contacts, damage your reputation and more.

Test your passwords: You might think your proposed password is airtight. But is it really? It’s best to check your password against a list of commonly used or easily compromised passwords before adopting it. Some software tools will compare your password against previously exposed passwords for you.
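As an added example (not code from the original article), the following Python implements such a check: a local common-password list, the eight-character minimum from above, and a k-anonymity style lookup that hands only the first five characters of the password’s SHA-1 hash to the lookup, so the password itself is never sent anywhere. The “SUFFIX:COUNT” range format is assumed from the Pwned Passwords API convention, and the passwords and counts in the fixture are constructed for this example.

```python
import hashlib

# Constructed sample of a common-password list; a real check would load a full
# list of commonly used or exposed passwords from disk.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Constructed stand-in for a k-anonymity "range" lookup: the first 5 hex chars of
# a SHA-1 hash map to lines of "SUFFIX:COUNT" (format assumed from the Pwned
# Passwords API convention; the passwords and counts below are made up).
_RANGE_FIXTURE = {}

def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def _add_fixture(password: str, count: int) -> None:
    h = sha1_upper(password)
    _RANGE_FIXTURE.setdefault(h[:5], []).append(f"{h[5:]}:{count}")

for _pw, _n in (("password", 1000000), ("summer2019", 42)):
    _add_fixture(_pw, _n)

def exposure_count(password: str, lookup=None) -> int:
    """Return how often the password appears in the exposed set. Only the 5-char
    prefix goes to `lookup`; the full hash and the password never leave here."""
    lookup = lookup or (lambda prefix: _RANGE_FIXTURE.get(prefix, []))
    h = sha1_upper(password)
    prefix, suffix = h[:5], h[5:]
    for line in lookup(prefix):
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def check_password(password: str, min_length: int = 8) -> list:
    """Return the reasons to reject a password; an empty list means it passed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    n = exposure_count(password)
    if n:
        problems.append(f"seen {n} times in exposed-password data")
    return problems
```

To use a real breached-password service, pass a `lookup` callable that fetches the range for the given prefix; the matching logic is unchanged.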

Keep passwords confidential: In short, don’t share your passwords. That’s especially true when someone initiates a conversation with you and requests your password.

In general, keep your password as private as your PIN. It’s that important.

Choose good security questions: Many service providers require you to supply the answer to a password recovery question when setting up your account. (You may need to provide the answer if you forget your password or want to change it.)

Avoid questions whose answers a hacker could easily obtain or guess, such as the name of your street or pet. You can also make up your own nonsensical answer to the question that no one else would guess.

Additionally, providers may offer a “hint” to jog your memory if you forget your password. Remember that anyone who accesses your device will be able to see that same hint.

Avoid password auto-save: Computer browsers often offer to save your passwords and automatically enter them for you when you log into your accounts. It’s so tempting to take advantage of this because it speeds the log-in process and avoids taxing your busy mind.

But it’s a risky practice. If a cybercriminal hacks into your system, all your saved passwords will be available to them. And if anyone else in your household has access to your computer or phone, they’ll be able to see your passwords, too.


