Passwords are embedded into our day-to-day.
And whether we like it or not, these digital credentials help protect just about every aspect of our lives online, from eCommerce sites to our social media and email accounts. Pesky as they can be, passwords help keep some of our most important data secure.
But over time, ideas around passwords and online security have changed. And while passwords are still a first line of defense, there is more consumers can do to avoid having their information compromised.
Why are Strong Passwords Important?
The two most common ways passwords are compromised are phishing or social engineering of an individual, and the compromise of a website that exposes its account passwords. However, we still want to consider a password to be your first line of defense against anyone attempting to gain unauthorized access to your devices and accounts. It’s the first thing cyber criminals will have to get past. So, we shouldn’t make it easy for them to guess.
What’s Changing With Passwords?
While password strength has always been important, what is considered “strong enough” has shifted in recent years.
Recent studies by the National Institute of Standards and Technology (NIST) have shed light on how passwords are actually used in the real world. In practical terms, additional complexity isn’t always better.
What also came out of these studies is the recommendation to leverage Multi-Factor Authentication (MFA) wherever possible. MFA provides you an additional layer of protection and is like having a one-time-use password, making it very difficult to compromise or guess. Another benefit of MFA is that you shouldn’t have to change your password often or even ever.
Note: CAPTCHA checks do not represent MFA. A CAPTCHA only helps validate that you are a human and not a computer.
What is “Big Tech” Doing to Help?
A lot of technology companies have been trying to help minimize the frustration with passwords.
Facebook, Google®, Twitter, and Apple® would all like to make it easier for you to access your information, while still making sure it is secure. All of these companies are working towards a world that doesn’t require passwords. At the same time, they want to make sure information and programs are secure enough that other organizations will still be comfortable using their services. The idea is fewer accounts across multiple services, but it will take time before consumers and organizations are comfortable with fewer – or possibly zero – passwords.
What is Now Considered a “Strong Password”?
The old complexity requirements led people to reuse their passwords across services. If, for example, you had to remember a complex password like “M@r6@R3+19” that qualifies as a “strong” password, why wouldn’t you reuse it?
Well, if your Yahoo! account’s password has been exposed as part of a security breach, then someone can take that password, find your other internet accounts, and try that password on them.
Therefore, the big change that has come along with this new approach to passwords is length over complexity. What this means is that it is more important to have something longer that is easier to remember than throwing in random, special characters that make it hard to remember. So, you go from “M@r6@R3+19” to something like “margaret is at Randys on the nineteenth.”
While the lengthy password may be “overkill,” many would argue it’s a lot easier to remember than the first one.
Now, not all services on the Internet offer MFA, so passwords are still, unfortunately, necessary.
With that said, here are a handful of tips to help you create strong passwords and better manage all of your online credentials.
Password Pro Tip No. 1: Use a password manager. This tip is likely the most important when your online services do not provide MFA for increased security. Instead of writing down your passwords, use a password manager to store them. There are several apps that can house your gauntlet of passwords in an encrypted database, requiring you to remember only one master password. You can also sync them across your devices. Using an app on your smartphone is better than allowing your web browser to remember them, because the apps will help you generate strong passwords.
Password Pro Tip No. 2: Avoid using identifiers. This includes things like your child’s birthday, pet’s name, hobbies, graduation year—anything someone could easily find out about you.
Password Pro Tip No. 3: Make them long but minimize the complexity. As in the above example, length is better, but not all systems will allow a password made up only of letters. Throw in a number and special character that is easy to remember. When more complex passwords are required, a password locker can be a huge help.
Password Pro Tip No. 4: Don’t duplicate passwords. If you use the same password or variations of the same password across several devices or sites, you’re putting your data at even greater risk. With the same or similar passwords, it will take hackers less time and effort to do more damage.
Password Pro Tip No. 5: Don’t share passwords. You know not to tell people your passwords, but it’s also important to not have multiple users under the same username and password. Password-sharing commonly happens in the workplace, and it can put your professional and personal data at risk. You may think you’re simply delegating work, streamlining accounts, or accepting help while out of office, but you’re actually opening yourself up to a variety of vulnerabilities.
Password Pro Tip No. 7: Change passwords. If you ever think your account has been compromised, change your password as quickly as possible. Also, the more sensitive the information is, the more sense it makes to change your passwords on a regular basis. This is especially true where you are not able to use MFA.
Password Pro Tip No. 8: Don’t write it down. You have several different passwords and you’re changing them regularly. But as tempting as it can be, when you jot down your passwords, email them to yourself, or store them in a Word document, you risk having them fall into the wrong hands.
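The checks behind Tips 2 through 4 and the length-over-complexity point can be sketched as a small password-acceptance routine. This is an added example, not part of the original article; the breached list, the identifier list, the 15-character minimum and the third passphrase are constructed assumptions.

```python
import math

# Constructed sample data for this example (not from any real breach).
BREACHED = {"password1", "qwerty123456", "m@r6@r3+19"}
# Common character swaps, undone before looking for identifiers.
SWAPS = str.maketrans({"@": "a", "6": "g", "3": "e", "+": "t",
                       "0": "o", "1": "i", "$": "s"})
MIN_LENGTH = 15  # assumed policy value


def normalize(password):
    """Lowercase and undo common swaps, so 'M@r6@R3+' reads 'margaret'."""
    return password.lower().translate(SWAPS)


def search_space_bits(password):
    """Upper bound on brute-force work: length * log2(character pool)."""
    pool = 26 * any(c.islower() for c in password)
    pool += 26 * any(c.isupper() for c in password)
    pool += 10 * any(c.isdigit() for c in password)
    pool += 33 * any(not c.isalnum() for c in password)  # symbols, space
    return len(password) * math.log2(pool) if pool else 0.0


def check(password, identifiers, previous=()):
    """Return policy problems; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in BREACHED:
        problems.append("known breached")
    plain = normalize(password)
    if any(plain == normalize(old) for old in previous):
        problems.append("reused or a variation of an earlier password")
    hits = [i for i in identifiers if i.lower() in plain]
    if hits:
        problems.append("contains identifier: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for pw in ("M@r6@R3+19",                               # from the article
               "margaret is at Randys on the nineteenth",  # from the article
               "lantern orbit walnut thirteen"):           # constructed
        print(f"{search_space_bits(pw):6.1f} bits  {check(pw, ['Margaret'])}")
```

The bit figure is only an upper bound on blind guessing; a passphrase built from dictionary words is weaker than the number suggests, so the breach, reuse and identifier checks carry as much weight as the length.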
Your Privacy is Our Priority
Securing your digital banking accounts is one of the most important steps you can take to protect your financial future.
At Sunrise, we care about your privacy and security. Our online banking offers MFA to help you protect your financial information.
Apple is a trademark of Apple Inc., registered in the U.S. and other countries.