5.6.21 – SSI
Russell Reeder, CEO of data protection company Infrascale, provides five best practices for password success to mark World Password Day.
According to National Day Calendar, we have security researcher Mark Burnett to thank for inspiring World Password Day. Burnett first encouraged people to practice good password cyber hygiene in his 2005 book Perfect Passwords. Intel Security would later take the initiative in 2013 to declare the first Thursday in May as World Password Day.
Below, Russell Reeder, CEO of cloud-based data protection company Infrascale, has provided five tips for password success. Consider passing the list along to your staff or even blasting it out to your clientele.
Be Unpredictable
There are two common password attacks: brute-force and dictionary attacks. Both generally involve a bot, but can also be done manually, and both work by trying a sequence of numbers like 123456 and/or common words. Hence the names: trying to crack a password using “brute force” or common “dictionary” words. To minimize this type of exposure, don’t make your passwords predictable.
Be Creative
Related to being unpredictable, consider creating a phrase and using the first or second letter of each word, or substituting a special character for letters and/or numbers. If you just don’t seem to have a creative bone in your body, you can always use a password generator. These are guaranteed to spit out some creative, and secure, password options.
Be Long
These days when you get asked to create a password, most sites require a minimum length of 10-12 characters. The longer the password, the more possible combinations and permutations of the password there are, and thereby the safer it generally is. However, don’t forget tips 1 and 2, because long common words and sequences of numbers are still easier to crack.
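The trade-off between length and predictability described above, as an added example that is not part of the original article: it estimates the brute-force search space from length and character classes, and separately flags dictionary words and digit runs, for which that estimate is meaningless. The `COMMON` list is a small constructed sample and all function names are illustrative.

```python
import math
import secrets
import string

# Constructed sample; a real check would use a large breached-password list.
COMMON = {"123456", "password", "qwerty", "letmein", "administrator"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def charset_size(pw: str) -> int:
    """Size of the ASCII alphabet a brute-force search must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw: str) -> float:
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def is_predictable(pw: str) -> bool:
    """True for listed common words, digit runs and single-character repeats."""
    low = pw.lower()
    if low in COMMON or len(set(low)) <= 1:
        return True
    if all(c in string.digits for c in low):
        # Step between neighbouring digits, wrapping 9 -> 0.
        steps = {(int(b) - int(a)) % 10 for a, b in zip(low, low[1:])}
        return steps in ({1}, {9})  # ascending or descending run
    return False


def generate(length: int = 16) -> str:
    """Random password drawn from the OS CSPRNG, as a generator would do."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ["123456", "administrator", "123456789012", generate()]:
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, "
              f"predictable={is_predictable(pw)}")
```

A 13-letter dictionary word scores about 61 bits on length alone yet is still flagged as predictable, which is the point of tips 1 and 2.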
Be Smart
Believe it or not, one of the more common reasons passwords are compromised is that people share their credentials. Quite simply: never, ever share your password(s)! Also, be mindful of phishing. This is where you receive an email or text message asking you to confirm your details or take some other action where you need to enter your personal credentials.
These types of acts are becoming increasingly sophisticated and can look very legitimate, like an email from your bank. As a good rule of thumb, unless you make a request, don’t ever enter your credentials. Or, if you have any doubts, contact the organization requesting the information directly.
Be Fresh
Refresh your passwords regularly. While it may seem onerous, and even if you think you have finally come up with the most secure password ever, one of the best ways to protect your password is to change it up regularly.
In addition, you should use different passwords for different logins. Yes, a different password for every login. Having a unique password for each of your accounts ensures that if or when one is compromised the others remain protected. Pro tip: If you can’t remember all your passwords, consider using a secure password manager.