How to choose a secure password and stay safe online: step-by-step guide
Although people agree that using a username and password for online protection is old school, most mainstream websites still rely heavily on it. It is hard to believe that the most commonly used password is still as simple as “12345” and, I hate to say it, many consumers still believe that the word “Password” makes for a strong password.
So what’s the reason people don’t change their passwords? And perhaps even more importantly: why do website owners knowingly choose not to implement policies that at least block the use of those top 20 or 100 passwords?
Much of it is due to a combination of convenience and “user laziness”. It is reasonable to estimate that implementing rules requiring the use of complex passwords would permanently drive away between 5% and 10% of customers who simply cannot be bothered to invent and remember something complicated. No website owner wants to turn away customers.
According to a 2021 Data Breach Investigation Report (DBIR 2021), cybercriminals primarily target confidential data such as credentials and personal information that is often used as the basis for passwords. At retail outlets alone, these breaches included consumer payment details (42%), personal details (41%) and identifying information (33%). 95% of organizations that have experienced a credential stuffing attack, which is an automated injection of stolen username and password (“credential”) pairs into websites, have recorded between 637 and 3.3 billion malicious login attempts during the year.
A distracted person can (and will) forget a password within minutes of creating it. That said, here are some important password tips to remember to help you create stronger passwords.
Mix upper and lower case letters, numbers and special characters
To make it easier to remember, you can start with a word you’ll remember and then substitute numbers for certain letters, such as zero for “O” or the number four for “A.” Granted, including a real word might weaken your password, but good luck remembering a different random sequence for each website you use. (That’s how you end up with your password on a post-it!)
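The blocklist policy raised earlier (rejecting the top 20 or 100 passwords) and the caveat above about letter-for-number swaps, as an added example that is not from the original article. The blocklist is a constructed sample, the function names and the minimum length of 8 are assumptions, and the swap table goes beyond the article's two examples (zero for “O”, four for “A”) to cover a few other common ones.

```python
import unicodedata

# Constructed sample blocklist (assumption); a real site would load a
# published list of the most common or breached passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein", "iloveyou"}

# Swaps users apply to a base word, mapped back to letters. "0" -> "o" and
# "4" -> "a" are the article's examples; the rest are other common swaps.
LEET_MAP = str.maketrans({"0": "o", "4": "a", "@": "a", "3": "e",
                          "1": "i", "5": "s", "$": "s", "7": "t"})
TRAILING_PADDING = "0123456789!@#$%^&*?."


def candidate_forms(password):
    """Return the normalized spellings to compare against the blocklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = base.rstrip(TRAILING_PADDING)  # "password2024!" -> "password"
    forms = {base, base.translate(LEET_MAP),
             stripped, stripped.translate(LEET_MAP)}
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def check_password(password, min_length=8):
    """Return (accepted, reason). min_length=8 is an assumed policy value."""
    if candidate_forms(password) & COMMON_PASSWORDS:
        return False, "common password"
    if len(password) < min_length:
        return False, "too short"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["12345", "Password", "P4ssw0rd", "P@$$w0rd2024!",
               "correct horse battery staple"]:
        print(repr(pw), check_password(pw))
```

A swapped spelling of a listed word is rejected exactly like the plain word, which is why the substitution trick adds little when the base word is a common one.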
Take the time to complete all security questions
In most cases, you can recover or reset a lost password by answering the security questions, unless you skipped this step. Failing to answer security questions when setting up a new connection is a surprisingly common mistake among small business owners. Take them seriously. It will save you time and headaches down the road.
Secure your mobile devices
Lock your mobile device with a password. It is also important to review the security settings of your mobile applications. With many online banking apps, for example, you can set the app to disconnect after a certain period of inactivity, perhaps five minutes. This way, if your phone is lost or stolen, your important data will be locked even if someone cracks your four-digit passcode.
Set a date to change your passwords
Some networks and websites now require you to change your login after a few months, but with other accounts it’s tempting to keep using the same old passwords for years. To secure your accounts, place a recurring reminder in your calendar to update all your passwords at least every six months.
Two-factor authentication (2FA)
Use two-factor authentication without hesitation. Creating a strong password isn’t the only or best way to secure your online accounts. An additional layer of 2FA will provide you with the best security for your account. Two-factor authentication works by asking for something other than the password: a temporary code, a secret question or an OTP. Even if the hacker manages to recover your password, he will not be able to log in because he will not have access to the code sent to your mobile phone.
The use of CAPTCHA on registration forms is another security measure. These elements prevent so-called Quality of Service (QoS) degradation by bots or other automated programs. By using it, your site will not be compromised by hackers. Brute force attacks are generated by automated software. After recognizing that attempts to access the site are not made by a human, the CAPTCHA blocks access to the site.
Password managers are great tools for improving password security. These services not only provide a convenient way to store passwords, but also encourage the use of strong (and hard-to-guess) password combinations. Most of them also automatically generate random passwords. A password manager can autofill its users’ passwords via a simple plug-in, providing a generally secure and extremely simple method of maximizing password security.
Even people who are careful with certain accounts, such as online banking, can be complacent about passwords for email, for example, even though these tools can also contain a lot of sensitive information. Remember the underlying principle: good password management starts with being careful, strategic and consistent.
About the Author: Ali Neil is Director of Global Security Solutions at Verizon Business. The opinions expressed here are solely those of the author.