Did you know that today (May the 4th) marks not only Star Wars Day but also (arguably) an even more important occasion: World Password Day?
https://www.youtube.com/watch?v=rierJ-3x_L0
Just follow these four simple steps to upgrade your security:
Step 1: Create strong passwords
The key to a strong password is length. Your passwords should be 8 characters long at the very least, and difficult for someone to guess. Avoid using personal information, especially if someone can find the answer on social media, or by searching your name online. In addition to length, secure passwords also use a mix of uppercase, lowercase, numbers and symbols.
This may seem daunting, but there is a simple solution. Try using a passphrase instead of a password. A passphrase is a short saying that you modify to become a strong password. For example, “Thund3r Sh0wers at Suns3t” would be a very strong password that’s also easy to remember.
Step 2: Use a different password for each account
Imagine if one key opened your front door, your car, your bank, and your safe. If someone got hold of your one key — poof — they have access to everything. That’s more or less your situation when you recycle passwords. If someone has access to your one key password, they have access to everything.
Cyber criminals know people reuse passwords, and after a major password leak, they’ll try using those passwords and email addresses to get into all kinds of sites. Often, it works.
Don’t get caught in this trap. The solution is simple: have different passwords for every online account. That way if one account is compromised you can rest easy knowing your other accounts are still safe.
Step 3: Get a password manager
A good password manager safely stores all your passwords, remembers them and can generate strong passwords for you. This makes it incredibly easy to use different, hard-to-remember passwords for every account, so you only have to remember the one master password to get in. All the security – less hassle!
But what if someone gets your master password? Luckily, quality password managers have prepared for this by ensuring they only work on your registered devices. That way, if someone tries to log in from an unregistered device, the password manager will block access until the user completes a second or third login step, like entering a secret code that is emailed or texted to you. If you get an email saying someone is trying to log in from an unknown device, you’ll know you should change your master password as soon as possible.
If you’re not sure where to start, we recommend checking out LastPass.
Step 4: Turn on multi-factor authentication
If you’ve ever used a fingerprint reader on your phone, you’ve used multi-factor! For example, when you download an app from an app store, it first checks you’re on a trusted device (Factor 1) and then verifies you’re you with your fingerprint (Factor 2).
If you’re on a computer, usually it’s like this: when you enter your username and password, you’ll be asked for a verification code that will be texted to your phone. Pop in that single-use code, and you’re in. Ta-da! Multi-factor authentication!
You can activate multi-factor in the settings for most major websites. Visit twofactorauth.org for a comprehensive list of websites and services that offer MFA.
Now what?
Well, if you’ve finished all that, you’ve already completed the most important steps. But you’re on a roll, so why stop there? How about:
- Taking the World Password Day Quiz to see how you stack up against other security best practices
- Reviewing the Readysell Security Guide to ensure you’re taking all the steps required to protect your business