Top 4 password mistakes and how to avoid them


While it is true that multifactor authentication (MFA) significantly improves account security, it is no excuse for people to be lax with their passwords. For instance, if a cybercriminal steals the smartphone you use to receive one-time passcodes, then MFA won’t trip them up at all.

In short, it still pays to use strong passwords in conjunction with other cybersecurity measures to keep unauthorized users at bay. To ensure that you’re using reliable passwords, avoid these password mistakes:

  1. Using passwords that are easy to guess
    Hackers know that birthdays, telephone numbers, and names of loved ones and pets are the easiest to guess, so unfortunately, you need to avoid those. Also, more sophisticated cybercriminals use software to try out passwords in an automated fashion. Their software taps into databases filled with countless commonly used passcodes such as “password” and “abcd1234” — weak character combinations that are easy to crack. This is called a brute force attack.

    This is why we’re always asked to use at least eight characters consisting of a mix of upper- and lowercase letters, numbers, and symbols. The longer and more unique your password is, the harder it is for cybercriminals to guess.

  2. Reusing passwords
    Because of the number of online accounts we amass, we tend to make life easier for ourselves by just recycling passwords. Unfortunately, that means that if an unsavory character gets wind of one such password — let’s say via a company’s stolen login credentials being sold on the dark web — then that person gains access to many accounts.

    To avoid this, use a password manager that has a strong password generator. With this, you always get a unique code, and you don’t have to worry about remembering any of them, save for the master password.

  3. Replacing passwords too frequently
    Resetting passwords on a regular basis is based on the notion that each password would be exposed for only a limited amount of time. This means that a password may very well be defunct when it is stolen and/or used by a hacker. However, if you’re not yet using a password generator, then you know what a hassle it is to come up with a strong and unique password. And whenever you’re required to change your password, the temptation to just recycle or rotate passwords increases, which defeats the purpose of changing it in the first place.

    What is password rotation?
    This is the practice of cyclically reusing past passwords or making only slight changes to expired passwords to pass them off as new ones. Often, the software that governs password reset prompts checks for password reuse only a few entries back. This means that you can reuse passwords if you go far back enough.

    Additionally, the software usually doesn’t require that the new password be very different from past codes. This means you can get away with a few character changes, such as updating the number that represents the month in which the reset happened.

    This introduces predictability. In fact, researchers at Carleton University found that if an attacker has already obtained a password, they can usually guess subsequent passwords quite easily.

    Only change your password when:

    • You have reason to suspect that your password has been stolen.
    • You think you’ve provided it to a phishing website.
    • Someone may have been looking over your shoulder when you were entering your password.
    • You’ve shared it with a family member or friend and now wish to close off the access you’ve granted them.
    • You feel that it is weak and needs changing.
    • You just feel that it’s time for a reset, that doing so will make you feel better.

  4. Keeping passwords in a readable format
    You must never write down your passwords on paper, plain text files, or spreadsheets. Paper records make it all too easy for other people to access your accounts, whereas electronic ones are easy to steal once your computer is hacked.

    Instead of jotting passwords down, write down clues that will help you remember them, then keep these clues away from public view, preferably under lock and key.
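As an added example (not part of the original post and not any vendor's code), this Python check covers the two gaps described under password rotation in mistake 3: it compares a new password against the full history rather than the last few entries, and it rejects near-copies such as a changed month number. The function names, the 0.8 similarity threshold, the month range 1 to 12, and the PBKDF2 settings are assumptions chosen for illustration; the history is held only as salted hashes.

```python
import hashlib, hmac, os, re
from difflib import SequenceMatcher

ITERATIONS = 10_000  # assumption: kept low so the demo runs fast; use a far higher cost in production

def hash_pw(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def matches(password, entry):
    salt, digest = entry
    return hmac.compare_digest(hash_pw(password, salt)[1], digest)

def variants(password):
    """The candidate itself plus copies with each digit run swapped for a month number 1..12."""
    out = {password}
    for m in re.finditer(r"\d+", password):
        for month in range(1, 13):
            for text in {str(month), f"{month:02d}"}:
                out.add(password[:m.start()] + text + password[m.end():])
    return out

def check_new_password(new, current, history):
    """Return a rejection reason, or None if the new password is acceptable."""
    # The user types the current password during a change, so it can be compared directly.
    if SequenceMatcher(None, new.lower(), current.lower()).ratio() >= 0.8:
        return "too similar to current password"
    # Older passwords exist only as hashes, so hash likely edits of the new one instead.
    for candidate in variants(new):
        if any(matches(candidate, entry) for entry in history):
            return "reuses or lightly edits an earlier password"
    return None

# Constructed sample data: three quarterly "rotations", then an unrelated current password.
OLD = ["Harbor-Kite03!", "Harbor-Kite06!", "Harbor-Kite09!", "Violet-Anchor-88"]
HISTORY = [hash_pw(p) for p in OLD]
CURRENT = OLD[-1]

if __name__ == "__main__":
    for new in ["Violet-Anchor-89", "Harbor-Kite12!", "marble-Quiver-tango-41"]:
        print(new, "->", check_new_password(new, CURRENT, HISTORY) or "accepted")
```
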

    Data breaches can make or break a business, which is why many firms in Kansas City rely on Umbrella to help them remain safe. Learn more about the benefits of proactive cybersecurity solutions by downloading our eBook today.

