In this day and age of technology, just about everyone has some sort of online account that requires a password. Whether it is a streaming site like Netflix, a shopping site like Amazon, or an email provider like Google or Yahoo, they all use accounts with usernames to identify individual users and passwords to protect the personal information stored within each account. Passwords are a necessary protective layer that keeps users’ personal information away from prying eyes with malicious intent. However, many questions arise for account users regarding security. What makes a good password? How else can I protect my accounts and information? How am I going to remember all of my passwords? Can I use a password more than once if it is secure enough? We have the answers here.
What makes a good password?
Secure passwords are difficult for hackers to guess or figure out, which makes them an excellent layer of protection. It is important to create secure and unique passwords for each of your personal and business accounts. It is recommended that your passwords be long, but not necessarily too complex. Remember that while you want your password to be complex enough to secure your account, you also don’t want it to be so difficult to remember that you lock yourself out of your account. It is also important to keep your passwords unique. Try to avoid generic things such as sports teams, pop culture icons or references, and common phrases. It is best if the password is seemingly random. It is also common for people to place their upper- and lower-case letters and special characters in the same predictable spots in their passwords. This habit weakens a password. Most people capitalize letters at the beginning, use lowercase letters in the middle, and put special characters or numbers at the end of their passwords. By breaking out of this pattern, you make your password harder for hackers to guess. Spread out the capital and lower-case letters, as well as the special characters and numbers, throughout your password to make it more secure. There are tools available to help you create secure passwords that are long and complex enough, yet still easy enough to remember.
If I have a secure password that I can remember, can I use it for multiple accounts?
The short answer is “NO”. It is not a safe practice to repeat passwords on different accounts. No matter how secure your password is, there is always the possibility that someone will be able to figure it out and gain access to your account, and once they have done so, they will be able to access any other account with that password. To mitigate breaches in your accounts, it is important to create a one-of-a-kind, secure password for each individual account that you have, both business and personal.
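The two habits described above, the capital-first / lowercase-middle / numbers-and-symbols-last layout and password reuse, can be checked mechanically. The following is an added example, not part of the original article; the function names, the sample entries and the 14-character minimum are assumptions made for illustration (the article only says passwords should be "long").

```python
import re
from collections import defaultdict

# Capital(s) first, lowercase in the middle, digits/symbols at the end.
PREDICTABLE_LAYOUT = re.compile(r"^[A-Z]+[a-z]+[^A-Za-z]+$")
MIN_LENGTH = 14  # assumption: the article gives no specific number


def layout(password):
    """Collapse a password to its runs of character classes, e.g. 'Ulds'."""
    classes = []
    for ch in password:
        if ch.isupper():
            c = "U"
        elif ch.islower():
            c = "l"
        elif ch.isdigit():
            c = "d"
        else:
            c = "s"
        if not classes or classes[-1] != c:
            classes.append(c)
    return "".join(classes)


def audit(accounts):
    """Return {account: [findings]} for a mapping of account -> password."""
    findings = defaultdict(list)
    seen = defaultdict(list)
    for account, password in accounts.items():
        seen[password].append(account)
        if len(password) < MIN_LENGTH:
            findings[account].append("short")
        if PREDICTABLE_LAYOUT.match(password):
            findings[account].append("predictable-layout")
    # A password shared by more than one account is flagged on each of them.
    for users in seen.values():
        if len(users) > 1:
            for account in users:
                findings[account].append("reused")
    return dict(findings)


# Constructed sample data, not real credentials.
SAMPLE = {
    "streaming": "Giants2019!",
    "shopping": "Giants2019!",
    "email": "rv7Tq!m2Lw#x9Kd4",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, layout(SAMPLE[account]), issues)
```

Accounts with no findings are left out of the result, so the constructed "email" entry does not appear in the output.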
How often should I change my passwords?
It is common practice for people to routinely change their passwords for an extra layer of security; however, research indicates that there is no significant reduction in risk from changing passwords frequently. In fact, it only makes it more difficult for users to keep track of their passwords. By creating a single secure password for an account, you keep that account both protected and accessible to you. This is why it is so imperative to create a secure password in the first place.
How can I remember my secure passwords?
If you have a good memory, then it should be easy for you to create secure passwords for each of your accounts and remember them. However, many people do not have a perfect memory and find it difficult to juggle multiple long and complex passwords. There are options! You can purchase or find a free password manager to maintain your passwords for you. There are many free and self-operated programs offered. Many web browsers like Google Chrome and Firefox offer a basic password manager that will store and sometimes even create secure passwords for the accounts that you frequently access. While these are convenient and free, they are very limited in their storage and password-generating abilities. For a few dollars a month, you can buy a password manager dedicated solely to the security of your passwords.
What is a password manager?
A password manager is like a vault for your accounts and their individual passwords. Many programs require you to create one secure password for the vault that contains all of your other passwords. This way, you only need to remember the vault password to gain access to the rest of your passwords. One password that unlocks all of your others is much easier to remember than each individual one; however, this master password must be all the more secure. Some of the top paid password manager programs available are 1Password ($3 a month) and Dashlane ($5 a month). LastPass is a free password manager and KeePassXC is a free self-operated management system.
How else can I protect my information?
Passwords are a great layer of protection for your account information, but they are not the only thing you can use. A commonly used additional layer of security is authentication. Authentication security comes in many forms, from codes sent to your phone or mobile device via text message, call, or email to security questions with answers preset by the user. These additional layers are often offered by sites to their users and can also be added with extensions/add-ons or settings within the account. They can be added and adjusted by the user depending on the server the account is on. Another additional yet extremely simple layer of security can be found in the settings of most accounts that require a password. This feature is often ignored. Usually, there is an option for users to have the account server remember their username and password on a particular device or website. When this option is selected, the server or device stores your login information so that there is no need to manually enter it each time you log in. Do NOT select this. If anyone has access to the devices that you frequently use, or if you select this option while using a public device, people can easily access your account, perhaps even without your knowledge. To avoid someone gaining access to your account without your knowledge, you can set up an alert system for your accounts. An alert system will notify the user via email or text message when a login attempt is being made and will sometimes ask the user to verify whether the attempt was valid. An example of this can be found with Google accounts. Their systems will notify the account user via email if a suspicious attempt was made to access the account from an area that the user is not normally in or if a certain number of incorrect login attempts were made. Additional layers of protection like this are always recommended to ensure security.
Can I ever not use a password?
Yes and no. Strides have been made towards developing password-less accounts, but there are no current options available for a truly password-less account. Examples of these strides are biometrics and SMS-operated accounts. Biometric accounts use things like fingerprints or facial recognition software to verify a user. Day-to-day examples of biometric accounts are the latest iPhones and Android models. However, these devices still require a PIN or password to access the phone if the biometric software fails to recognize the user. SMS-operated accounts use the user’s phone number as a username and, instead of a set password, the system sends a generated code to the mobile device via SMS to gain access to the account. Though there is no set password to remember, there is still a code required. This can be not only a hassle but also unsafe. It is easy enough for an unauthorized user to gain access to a designated mobile device and log in using the verification code sent to it. There are also physical keys being used rather than passwords to gain access to online accounts. Keys and codes are stored in devices like USBs, NFCs, and even over Bluetooth that can be used to log into accounts by connecting or plugging in the key. None of these options truly replace passwords, however, as they all require additional keys or security measures to enter into accounts. For the near future, there will always be a password for accounts somewhere, even in the background, for security purposes.
At Mazur & Associates, Certified Public Accountants and Business Advisors, we understand the importance of internet security. Like you or your company, our firm has multiple business accounts, client accounts, and personal accounts that must be kept secure with passwords and other levels of security. If you have any other questions or need more details on this subject, please call us at (732) 936-1230 to schedule a meeting or telephone conference. We are here to help! Safeguarding your personal information should be a top priority, and by working with our firm and other experts you can prevent your personal and business accounts from falling victim to hackers.