How to create & protect passwords: Cybersecurity Awareness Month
October 12, 2022
What is password protection?
Password protection is an important way to keep your online information safe from cybercriminals. Passwords are strings of characters used to verify the identity of a user during the authentication process, and they are one of the most common security measures across the web. Things like your online banking accounts, social media profiles, streaming services, and online shopping sites like Amazon all require passwords to log in and access your information. The tips in this blog will help you keep your passwords and personal data secure.
Avoid password fatigue
Do you ever feel like you have so many different passwords that it’s hard to remember all of them? Maybe instead of juggling multiple different passwords, you’ve decided it’s easier to just use the same one for all your online accounts across the web. Microsoft calls this “password fatigue.”
According to Microsoft, the average person has more than 150 online accounts that they manage passwords for. With so many accounts, it may be tempting to use the same password everywhere. But using the same password, or using weak passwords, can lead to the loss of personal, financial, or medical information. If a hacker gets into one of your accounts, it won’t be hard for them to get into all of them. The effects of this can be detrimental, and will cost time and money to correct. Create strong passwords to keep your accounts safe.
Creating a strong password
Password protection starts when you first create a password. Most organizations that require you to create a password-protected account already have requirements in place that you need to follow. For example, your password may be required to be longer than 12 characters and/or use at least one number, uppercase letter, and special character or symbol. This is to prevent you from using passwords that are easy to crack like “password” or your last name followed by birth year (information that is easy for a hacker to find and likely one of the first things they’ll test).
Avoid easy-to-guess passwords
Cybercriminals may try to crack a password with brute force attacks, which work through trial and error, or with dictionary attacks, which try every word in the dictionary and its variations. These are some examples of weak passwords from Microsoft that you should avoid using:
The chart below from Hive Systems shows estimated times for how long it would take a hacker to crack your password using brute force. Notice how simpler, easy-to-guess passwords can be cracked quickly, while longer and more complicated passwords are more secure. These estimates will change as technology changes, so it is important to stay up to date on current best practices for password creation.
Tips for creating a strong password
Instead of using the simple, easy-to-guess types of passwords highlighted above, try creating a password with one or more of these methods:
- Create a password from uncommon words that also include numbers and characters.
- Use full sentences you can remember.
- Put sentences into code by doing something like taking the first two letters of each word to create something unique. E.g. “The quick brown fox jumps over the lazy dog” becomes thqubrfojuovthlado
- Swap letters with numbers. For example: swap E’s with 3’s or O’s with 0’s.
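An added example (not part of the original post) that checks a candidate password against the example requirements described above, tests whether it still reduces to a dictionary word once common swaps and trailing padding are undone, and sizes the brute-force search space. The word list, the swap table, and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real check would use a large list of breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon"}
# Assumed swap table: the letter-for-symbol variations a dictionary attack also tries.
UNSWAP = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a",
                        "5": "s", "@": "a", "$": "s"})

def policy_failures(pw):
    """Return the example requirements from the text that pw does not meet."""
    failures = []
    if len(pw) <= 12:
        failures.append("must be longer than 12 characters")
    if not any(c.isdigit() for c in pw):
        failures.append("needs a number")
    if not any(c.isupper() for c in pw):
        failures.append("needs an uppercase letter")
    if not any(c in string.punctuation for c in pw):
        failures.append("needs a special character")
    return failures

def dictionary_core(pw):
    """Return the common word pw reduces to after removing padding and swaps, else None."""
    # Strip digits/symbols added at the ends (e.g. a year and "!"), then undo swaps.
    core = pw.lower().strip(string.digits + string.punctuation).translate(UNSWAP)
    return core if core in COMMON_WORDS else None

def brute_force_bits(pw):
    """Brute-force search space in bits: length * log2(size of the alphabet used)."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    alphabet = sum(len(pool) for pool in pools if any(c in pool for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd2022!", "thqubrfojuovthlado"):
        print(candidate, policy_failures(candidate),
              dictionary_core(candidate), round(brute_force_bits(candidate), 1))
```

The second sample meets every composition rule and has a large nominal search space, yet it is still a dictionary word with predictable variations, so the brute-force figure only means something for passwords that pass the dictionary check.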
Protect your password
Cybercriminals use many different tactics to obtain passwords on their own. But there are also techniques hackers use to trick you into handing over your own password, such as phishing or malware. For this reason, always be wary of links and attachments. Check out our list of the most common scams in 2022 to learn more about ways scammers are tricking consumers so you can spot the signs.
Best practices to keep your passwords safe
- Never write your password down.
- Shield your device screens and keyboards from anyone who may be looking over your shoulder when entering a password.
- Avoid using public Wi-Fi when accessing personal accounts. Public Wi-Fi makes it easy for someone using the same network to steal information.
- Install antivirus software on your computer to protect you from password-sifting malware.
Use additional password protection – multi-factor authentication (MFA)
Unfortunately, no matter how strong your password is, there’s still a chance it could be cracked, and even the most vigilant person could fall victim to a scam. To double down on password and account security, take advantage of multi-factor authentication (MFA) wherever possible.
MFA provides an additional layer of protection that can further protect you against cybercriminals attempting to steal your information. International companies like Apple, Amazon, and Facebook have used MFA, and we’re proud to protect our members’ accounts with MFA right here at Webster First Federal Credit Union.
How MFA works
MFA works by requiring two or more forms of identity verification in order to log in to your account. This means that even if your password is compromised, an unauthorized user would be unable to authenticate themselves when they reach the second requirement.
For example: after you’ve entered your password, you are then required to enter a special 6-digit code that is texted to your phone number. Only a person who has access to your phone would be able to retrieve this code, which creates a stopping point for the hacker. Additionally, protecting your phone by requiring a PIN, password, or other secure methods like Face ID to unlock it would stop any unauthorized user from getting the 6-digit code if they did happen to have your phone. The more layers of security you have, the safer your personal information is.
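The two-step login described above, sketched from the service's side as an added example (not part of the original post and not Webster First's implementation). The class name, the 5-minute expiry, the 3-guess limit, and the PBKDF2 settings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

CODE_TTL = 300     # assumption: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 3   # assumption: guesses allowed per issued code

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Login:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.pending = None  # [code, expires_at, attempts_left] once a code is issued

    def first_factor(self, password, now):
        """Check the password; on success return a 6-digit code to text to the phone."""
        if not hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code  # goes to the phone only, never back to the login page

    def second_factor(self, submitted, now):
        """Accept the login only if the texted code matches, is fresh and unused."""
        if self.pending is None:
            return False  # no password step completed, so no code to check
        code, expires_at, attempts_left = self.pending
        if now > expires_at or attempts_left <= 0:
            self.pending = None
            return False
        self.pending[2] -= 1  # every guess counts against the limit
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self.pending = None  # single use
            return True
        return False
```

Someone who has only the password gets through `first_factor` but has three guesses at a one-in-a-million code before it is cancelled.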
Visit our security page for more information about how Webster First protects you.