Choosing a strong password is one of the best ways to protect data and prevent cybercrime.
We recommend the following best practices for creating and managing passwords to help protect your accounts — whether they’re used to access employer or home networks, online services, social media platforms or commercial email inboxes — from cyber attack:
Make passwords as long as possible. Modern hacking tools can cycle through every possible eight-character password containing mixed-case letters, numbers and symbols in only a few hours. Some companies require employees to choose passwords with 24 characters.
Include special characters. Your password shouldn’t be composed only of letters and numbers.
Do not use dictionary words, even when combined with a number. Avoid commonly used words, such as “password” and “welcome.”
Regularly change your password. Many employers require password changes every 90 days.
Do not re-use passwords.
Do not use “password patterns” when changing your password. For example, a password containing a string of numbers should not increment as 1234, 1357 or 2468. And do not change your password by only one incremental character. Always randomize new passwords.
Do not use your email password for any other account. Cybersecurity experts say this password is typically the most important key to a person’s digital life. A hacker who has access to your email account could use the “forgot your password?” link on other websites you use — including banking sites — to gain access your accounts.
Do not use the same password to access employer and home systems.
When choosing a password for a home network, do not use your home address.
When choosing a password for an employer network, do not use your employer’s name.
Do not store passwords in an easily accessible location, such as a file on your computer or a note on your desk or computer screen.
Do not allow web browsers to store your passwords.
Do not share your password with anyone.
Enable multi-factor authentication when possible. Multi-factor authentication requires a uniquely generated security code or verification of identity, in addition to login credentials, before granting access to a network, application or website. Many financial institutions offer this added layer of security.
Consider a password manager application. Several applications will let users save a strong, randomly generated password once and have it instantly available on all devices. Examples are LastPass.com, Myki.com and Dashlane.com.
Disclaimer: The information provided is intended to increase security awareness. The password manager links are provided as examples of possible vendors. Cardan Capital Partners does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the vendors and do not necessarily represent the opinions of Cardan.