Best practice for creating and managing passwords securely
Many people consider password management a tedious chore, but getting it right can help protect your personal information, business assets, and more.
To help you start, we’ve created this step-by-step guide to password management.
You’ll learn how to safely and effectively manage and protect passwords and the most important rules for avoiding password-related security risks.
How Do Passwords Work?
When people think of passwords, they may picture a long string of letters and numbers with no spaces or punctuation. However, passwords are more than just letters and numbers, and they have a number of other components.
One of the most important points is to make them more than just words or numbers. Instead, combine words, special characters, and numbers to increase the difficulty and reduce the chances of a hacker guessing your password.
What is Password Management?
Password management is about more than just managing or storing passwords. It’s also about making sure you protect your personal information, security, and information assets. The most basic idea is to keep your passwords safe and secure.
You’ll use passwords for login, email, and other online activities, and you might also need to use them to access information or devices that could be vulnerable to hackers or that have sensitive data (think: your banking account, email accounts, social media accounts, or mobile device). Here’s how it works:
Some examples of where we need to use passwords, passphrases, identifiable pictures, etc., are banks, schools, credit cards, emails, work logins, work search, kids’ accounts, entertainment, communications, and more. The number of these requirements keeps increasing, and they are becoming increasingly complicated to use and manage.
10 years back, I could put in 6 letters or numbers, and it was considered a safe, secure password. Today, I have to use letters in lower and upper case, numbers, and special characters, with the strength indicators showing the password’s strength as we are typing it to understand how strong and safe the password is (in case there is cybercrime to crack the passwords).
Many companies will not let me use parts of my name in the password. Then I have to associate my account with an image and keep the image in mind. Further, I have to answer some security questions (typically from 3 to 5). To add even more, I need to associate and confirm my account with a cell phone number every now and then! Then there is a separate 4-digit PIN for bank ATMs etc. Even my voicemail has a 6-digit passcode!
Talk about complexity! Talk about memorizing!
Does technology help to protect our sensitive data? Yes! Has technology complicated the issue and pushed us to do far more to manage passwords, security, etc.? Yes!
So how do you manage these complications? Here are some dos and don’ts for it.
Dos
1. Use long, complex passwords.
2. Generate and use random passwords yourself.
3. Keep your passwords in an isolated, safe file. Write them down if you want. Even better is to spend a few bucks on a dedicated drive, USB stick, etc.
4. Use limited login attempts at every institution that allows it. This means that after 3 or 2 or 4 (whatever the set number is) unsuccessful login attempts, your account will be automatically disabled, and you will have to either go in person or call to prove your ID and then get your account reinstated. It doesn’t seem very pleasant initially, but it is a great tool to protect your ID in the long run.
5. Answer security questions in a non-traditional manner. Example: name of the first dog. Traditional answer: whiskey. Non-traditional answer: Ihadnodog.
6. Always keep a current backup of your computer, such as on a USB drive.
7. Use a password manager. It makes it easier to access your passwords. With a password manager, you don’t have to remember many passwords or choose them manually. Instead, your password manager will give you unique, easy-to-remember passwords for every site.
8. Have a really complex master password for any file that you might use to store and protect your sensitive information, such as passwords, security questions, etc.
9. Change your passwords often. Update your record if you are managing it.
10. Delete the accounts you no longer need.
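The limited-login-attempts rule from item 4, seen from the service's side, as an added example that is not part of the original guide. The names `LoginService`, `Account` and `reinstate`, the threshold of 3 and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumed threshold; the guide says "3 or 2 or 4"


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.failed = 0
        self.locked = False


class LoginService:
    def __init__(self, max_attempts: int = MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self.accounts = {}

    def register(self, user: str, password: str) -> None:
        self.accounts[user] = Account(password)

    def login(self, user: str, password: str) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"
        if acct.locked:
            # Even the correct password is refused until reinstatement.
            return "locked"
        candidate = hash_password(password, acct.salt)
        if hmac.compare_digest(candidate, acct.pw_hash):
            acct.failed = 0  # a successful login clears earlier failures
            return "ok"
        acct.failed += 1
        if acct.failed >= self.max_attempts:
            acct.locked = True
            return "locked"
        return "denied"

    def reinstate(self, user: str, identity_verified: bool) -> bool:
        # Models the in-person or phone identity check the guide describes.
        acct = self.accounts.get(user)
        if acct is None or not identity_verified:
            return False
        acct.failed, acct.locked = 0, False
        return True
```

Once the account is locked, the correct password no longer helps; only the separate identity check reopens it, which is what makes repeated guessing pointless.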
Don’ts
1. Do not use any online system to save and protect your data. Chrome or Internet Explorer may prompt you to ‘remember’ your login information. It might be a service provider tool like Norton protection. I personally call it a third-party dependency, and it can restrict, corrupt, or disintegrate at any time. Your passwords and other information are lost without any backup in this case; in the worst-case scenario, all of it could be available to someone else.
2. Never use the same password for more than one log-in portfolio.
3. Do not use easily guessable passwords such as abc123, 123ABC, 0123456789, XYZ etc. Cybercrime computers attack through the internet and try thousands of password combinations in a minute. They can easily guess the easy passwords and log into your account. The damage can take a lot to repair in this case!
4. Do not use a computer to generate random passwords.
5. Do not give access to unknown apps through social media.
6. Avoid using public computers in libraries, schools, restaurants, hotels, etc. If you do have to use one, un-check the “remember me” option before you log in and clear everything after use, such as cookies, history, etc. Make sure you are allowed to clear it, and that you are not violating any public institution policy.
7. Sharing a password is usually prohibited, so do not share your passwords.
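A checker for the password rules this guide lists (length, mixed character classes, no parts of your name, no guessable strings or sequences, no reuse), as an added example that is not part of the original guide. The 12-character minimum, the function names and the idea of passing in your own record of passwords are assumptions.

```python
import string

MIN_LENGTH = 12  # assumed minimum; the guide only says "long"
GUESSABLE = {"abc123", "123abc", "0123456789", "xyz"}  # examples from the guide


def has_sequence(password: str, run: int = 3) -> bool:
    """True if `run` consecutive characters ascend by one, e.g. abc or 123."""
    lowered = password.lower()
    streak = 1
    for prev, cur in zip(lowered, lowered[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False


def check_password(password, name_parts=(), used_elsewhere=()):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "special": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"no {label}")
    if lowered in GUESSABLE:
        problems.append("known guessable password")
    if has_sequence(password):
        problems.append("contains a sequence")
    # Ignore very short name fragments so they do not flag every password.
    if any(len(p) >= 3 and p.lower() in lowered for p in name_parts):
        problems.append("contains part of name")
    if password in used_elsewhere:
        problems.append("reused from another login")
    return problems
```

Run it against a candidate before you commit it to your record; `used_elsewhere` is meant to hold the passwords already in that record.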
Creating and managing passwords as per these guidelines will help you protect your accounts and keep your data safe for a long period.