How to secure your passwords
Authored by a Symantec employee
Let’s face facts: it's easy to forget passwords. People often use simple words, such as a pet's name, or easy-to-remember dates such as a wedding anniversary. A hacker could try your name, children's names, birthdates and pets' names as passwords to get access to your computer. When they get lucky, your ID, privacy and financial security are all up for grabs.
Using secure passwords is therefore more important than ever. Hackers are hungry for passwords because they have substantial monetary value. Data breaches and password leaks can easily leave thousands of accounts open to access by cybercriminals. Two-factor authentication (2FA) gives you an extra layer of security that hackers can't easily get past, because the criminal needs more than just the username and password. You may already be using it without being aware of it: your ATM card is a 2FA method that combines your physical card with your PIN.
Protect sensitive data by learning more about the 2FA method and employing a few key password tips.
The 2FA Method
2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password. Authentication factors fall into three categories:
- Something you know – a PIN, password or pattern.
- Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
- Something you are – Biometric authentication such as a voiceprint or fingerprint.
How Hack-Proof Is It?
Nothing is 100% secure, and your account can still be compromised through password recovery options. Lost-password recovery usually resets your password via email, which can bypass 2FA completely. This leaves you vulnerable if an attacker has gained access to the email account associated with the account you protect with 2FA. Be sure to monitor your email account for messages requesting password changes.
Password Security Measures You Need To Take
Use the following tips to create secure passwords:
Strong Password Creation
- Do not use personal information. It's strongly recommended that you don't include any words related to your name or names of family members or pets in your passwords. Also, don't include easily recognizable numbers like your address, phone number or birthday.
- Do not use real words. Password cracking tools are very effective at helping attackers guess your password. These programs can process every word in the dictionary, plus letter and number combinations until a match is found. Steer clear of using "real" words from the dictionary or proper nouns or names.
- Use mixed characters. By combining uppercase letters with lowercase letters, numbers, and special characters such as "&" or "$" you increase the complexity of your password and decrease the chances of someone hacking into your system.
- Create longer passwords. It is generally recommended that passwords be at least eight characters in length. Probability dictates that longer passwords are harder to crack.
- Modify easy-to-remember phrases. One tip is to think up a pass-phrase, like a line from a song, and then use the first letter from each word, substituting numbers for some of the letters. For example: "100 Bottles of Beer on the Wall" could become "10oBb0tW".
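The tips above can be turned into an automatic check. The following is an added example, not part of the original article or any Symantec product: the function names, the small word list and the sample personal details are constructed for illustration, and undoing simple digit-for-letter swaps before the word checks is an assumption that goes slightly beyond the tips as written.

```python
import re

MIN_LENGTH = 8  # minimum length recommended in the tips above

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "summer", "bottle", "monkey", "welcome"}

# Common digit/symbol-for-letter swaps, undone before the word checks.
SWAPS = str.maketrans("013457@$!", "oleastasi")

CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lowercase and undo simple swaps so 'P@ssw0rd' reads as 'password'."""
    return text.lower().translate(SWAPS)


def check_password(password, personal_details=(), words=SAMPLE_WORDS):
    """Return the list of tips from the section above that the password breaks."""
    problems = []
    plain = normalize(password)
    letters_only = re.sub(r"[^a-z]", "", plain)

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Personal information: names, pet names, birth years, phone digits.
    tokens = [normalize(d) for d in personal_details]
    if any(len(t) >= 3 and t in plain for t in tokens):
        problems.append("contains personal information")

    # Real words: a dictionary word of 4+ letters hidden inside the password.
    if any(len(w) >= 4 and w in letters_only for w in words):
        problems.append("contains a dictionary word")

    # Mixed characters: report each character class that is absent.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    return problems
```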
Safe Password Storage
- Don't write them down. Resist the temptation to hide passwords under your keyboard or post them on your monitor. Stories about hackers getting passwords by dumpster-diving and "shoulder-surfing" are absolutely real.
- Use a password management tool. One way to store and remember passwords securely is to use a tool that stores your list of usernames and passwords in encrypted form. Some of these tools will even help by automatically filling in the information for you on certain web sites.
Password Updates & Management
- Change passwords on a regular basis. Passwords for online financial accounts should be changed every month or two, while you may choose to change your computer logon password every quarter.
- Use different passwords on different accounts. Don't use the same password on more than one account. If a hacker discovers it, then all of the information protected by that password could also be compromised.
- Do not type passwords on computers you do not control. When using your laptop at a Wi-Fi hotspot or a computer at an Internet café, avoid any actions that require a username and password (such as online banking or shopping), because your data could be intercepted over the wireless network or with keystroke logging devices.
Passwords are just one piece of the protection puzzle. To create a safer environment online, you will also want to use a firewall and other security products that help keep hackers out of your system and protect your identity online.
Copyright © 2019 Symantec Corporation. All rights reserved.