Passwords are challenging.

We’ve all experienced it: the struggle of creating an uncrackable password and, most importantly, remembering it. Most employees understand that one breach at their company can compromise thousands of user names and passwords. But how do we ensure the safety of our accounts and employees online with multiple accounts and remote/hybrid working? 

This World Password Day, let's examine modern password security practices that every employee should know and implement, no matter where they work.

Create a Strong Password

To keep your online accounts secure, you must use strong passwords. Strong passwords make it much more difficult for hackers to break into your system. Strong passwords are over eight characters and contain both upper and lowercase letters, numbers, and symbols. Remember to never use personal information, like your birthday or address. Instead of using a word from the dictionary, create a long sentence. The more complex your passphrase is, the more secure it will be. Have a favourite saying, song lyric, or phrase you often use in everyday conversation? Make this phrase your password. For example, ‘Que Sera Sera’. Now, personalise your sentence by replacing words with numbers or symbols similar to words. For example, the password could become ‘Q3eS3raS3ra’.

Use Different Passwords for Different Accounts

Did you know that, according to a report by network security provider RSA and the Ponemon Institute, 69% of consumers admit to reusing the same password on more than one device or website?

Having the same password for multiple accounts might seem convenient, but it's extremely dangerous. For example, if you use the same password for your email account as you do for online banking, a hacker could change your banking password and lock you out of your account. The best way to keep your information secure is by using different passwords for every account. So while it’s essential to use complicated passwords, including numbers, symbols, and capital letters, creating a unique one for each account is equally important.

Use Two-Factor Authentication

In addition to a username and password, two-factor authentication can protect access to your organisation’s software, information systems, and other resources. Two-factor authentication comes in many forms, but it requires you to confirm your identity with something you know (your password) and something you have (your mobile phone or your email address).

For example, when you log in to a website or use an app, 2FA will ensure you get an SMS with a one-time code that you’ll need to enter to log in successfully. This protects your account from being hacked because even if someone guesses or cracks your password, they won’t have the code to enter the system.

Use a Password Manager

Do you remember the last time you tried to log into a website or app and then realised you forgot your password?

We get busy, forget, and then reset our password. But if you use a password manager, you don’t have to worry about forgetting your passwords because your password manager stores them for you and even creates strong, unique passwords that are easy for you to remember. A password manager is like a book of all your passwords. You keep the book locked with one master key that only you know. So when you’re ready to sign up for a new site or app, pull up your password manager and copy/paste your password into their login box, and you’re in!

Stay Vigilant

It’s a common misconception that the only thing you need to do to keep yourself safe online is to use a strong password. But the fact is, even if you come up with an unbreakable password and never, ever forget it or lose it, a hacker can still steal it by using spyware that tracks your keystrokes. Keyloggers are malicious programs that can monitor what you do on your keyboard and give a hacker access to passwords, account numbers, and other sensitive information. The good news is that you can protect yourself from those keyloggers. Make sure your anti-malware and vulnerability management solutions are up-to-date and run regular scans to harden your systems and prevent intruders from entering them in the first place. In addition to this, don’t write down passwords anywhere.