Personal password security is almost always overlooked, unfortunately even by some techie folks. We have been getting this question a lot over the last few years, and the recommendations will always change over time as technology improves and as the skill levels of the company or individuals change. If you haven't noticed, passwords are an archaic security option today, especially with the improvements to multi-factor technologies such as Duo, facial and fingerprint recognition, card readers, Google Authenticator, etc. I look forward to seeing how this improves over time. There is some cool tech coming from startups, Microsoft, and other companies that should help a lot in the coming years, especially in the areas of data security and finding out whether your passwords are on a list on the dark web.
Part of the answer to the password security question depends on your abilities as well. If the solution doesn't work for you, you will end up reverting to the way it has been for 30 years. Being more secure does mean you may need to learn a few new things and have some patience. Remember, it takes a heck of a lot more time to recover from a hack or stolen identity than it does to change your passwords on a regular basis and use multi-factor authentication.
Again, the following is written with the individual in mind, not necessarily a business. A business of any size must have its password security protocol in place and reviewed by professionals like Network Medics and our VitalCare Managed IT Services. Note: we always recommend multi-factor authentication along with a strong password policy.
So with that said, for you personally, here are my suggestions:
- First, change your passwords often, at an absolute minimum every six months. Yes, it's annoying, but so is someone opening a credit card account in your name. If you are still using your password from a year ago, or cycle between a list of passwords you have used for years (very common), there is a high chance it is on the credential lists that are sold daily on the dark web. Personally, I change them every 90 days and never use the same one twice.
- Use multi-factor authentication ANYWHERE it is available: banks, social media, websites, forums. Whether it's a texted code or Google Authenticator, USE IT!
- Use a sentence, jingle, poem, or song to remember your secure password; the human brain remembers those better, just like the alphabet song. Just make sure you add a number and a symbol in there too. Let's say you are a huge Pink Floyd fan. "Wish You Were Here" is a popular song, so how about W1shUwereHer3!
- Make sure any password is 12 characters or longer, with a symbol, a capital letter, and a number. Using a song, it's not that hard. Don't use a word or words found in the dictionary if at all possible.
- Using codes is not popular with some folks, but I like it personally. Use a code instead of writing a password down exactly on a piece of paper or in a spreadsheet. For example, instead of W1shUwereHer3! above, you could put "PF-W" on your password list, meaning the Pink Floyd "Wish You Were Here" password. Then if I somehow forget that password, I will remember which one it was based on the code.
- If you are one of those who keeps a password list in a spreadsheet or document, make sure it is encrypted. Word and Excel have an easy way to password protect them. Although this won't stop the best hackers, it will keep the honest honest. Just make sure you do not forget the password to open the document! To do this in Word, Excel, or PowerPoint: File > Info > Protect Document > Encrypt with Password. I like to save this encrypted password document on an encrypted flash drive and put it in a safe place.
- I simply do not trust online/cloud password services. I can't think of a larger target for hackers. However, my concern is more the internal issues of staff, not necessarily hackers. As with any cloud service, you need to assume someone other than you has access to your information, passwords, etc., so that isn't secure in my opinion.
- I also use a local password program called KeePass. Similar to encrypting your Word or Excel document, KeePass is a solid program to help you store your passwords securely. If you are comfortable saving its password database file in the cloud, do that. Just make sure it is not only on your computer, in case your computer dies. Make sure you have a backup of some sort, just like your photos!
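As an added example (not code from this post), here is a small Python checker that applies the rules above to a candidate password: 12 or more characters, a capital letter, a number and a symbol, no dictionary word, no reuse of an old password, and the 90-day rotation interval. The dictionary and the previously-used list are constructed stand-ins; a real check would use a full word list and your own history.

```python
import string
from datetime import date

# Constructed stand-ins (assumption): a real check would load a full word list
# and your own password history instead of these few entries.
DICTIONARY_WORDS = {"password", "wish", "here", "floyd", "welcome", "summer"}
PREVIOUSLY_USED = {"Summer2019!", "Welcome123!"}


def check_password(pw, used=frozenset(), dictionary=DICTIONARY_WORDS):
    """Return a list of policy failures for pw; an empty list means it passes.

    Rules follow the post: 12+ characters, at least one capital letter,
    one number and one symbol, no dictionary word, and no reuse.
    """
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    # Substring match so that a word buried in a longer string is still caught.
    lowered = pw.lower()
    for word in sorted(dictionary):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    if pw in used:
        problems.append("already used before")
    return problems


def rotation_overdue(last_changed, today=None, max_age_days=90):
    """True when a password is older than the rotation interval (90 days)."""
    today = today or date.today()
    return (today - last_changed).days > max_age_days


if __name__ == "__main__":
    for candidate in ("W1shUwereHer3!", "Summer2019!", "wishyouwerehere"):
        result = check_password(candidate, used=PREVIOUSLY_USED)
        print(candidate, "->", "OK" if not result else "; ".join(result))
    print("overdue:", rotation_overdue(date(2024, 1, 1), date(2024, 4, 1)))
```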
Is this the best list ever, one that all techs will agree on? Not likely. Is it better than what most of you reading this are probably doing right now? Probably.
If I had to choose only one of the methods above, simply changing your passwords often will be the most powerful. I have 38 sites I use that have passwords. It takes me 1 hour to change the passwords every 90 days. Even if it took me 4 hours, I would still do it.
Partner of Network Medics
Minnesota Business IT Consultant