28 January 2022
Data Privacy Week: tips for stronger passwords
Everyone finds coming up with a good and strong password difficult. This is only logical, since we have many different accounts for business and personal use, and the requirements for a strong password seem to get stricter and stricter. But these strict requirements are there for a reason!
Therefore, on Data Protection Day today: 5 tips and advice for strong passwords, and – temporarily – our interactive Password Shooter. Can you distinguish strong passwords from weak ones?
1. Make your password unique
Passwords are the access to your e-mail, your digital workplace and all your accounts online and thus a favorite target of criminals. It is therefore crucial to come up with a strong password. A strong password is unique to begin with.
It keeps coming up in current news stories: in data breaches, login credentials including username and password are made public. So if you use that same password for multiple applications or accounts and it ends up with the wrong person, they can get into several of your accounts.
Therefore, a rule of thumb is: make your password unique. Stay away from standard variants such as ‘welcome123’, don’t keep adding a new number to the end of your existing password and come up with something new for all your accounts. So under no circumstances use your business e-mail password for your Netflix at home as well.
2. Try a password sentence
A second rule of thumb is: the more characters, the better. Use at least 10, and do alternate upper and lower case letters, numbers and punctuation. This really doesn’t have to be complicated, like “VdL_84H*-@0qR”. On the contrary, three random words or a short phrase are just as smart, as long as you don’t use parts of your username, or your company or family name, for example.
Choose, for example, ‘frypan-COOKIE-racecar’: 27 characters, a mix of upper and lower case letters, two punctuation marks; virtually unbreakable. Provided you keep it to yourself, of course. But rest assured, you don’t have to remember all those different combinations yourself. Because...
3. Use a password manager
Password managers are apps that act as vaults for all your passwords. This digital vault is in turn locked with an overarching password. You can use them to store your existing passwords, and to automatically come up with new strong passwords for you.
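A generator in the spirit of tip 2, as an added example (not part of the original article and not any password manager's actual code): it picks words with the operating system's secure random source, skips words that overlap your personal terms, and estimates the strength. The word list is a constructed sample, and the function names and the random upper-casing scheme are assumptions made for this illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. Real use needs a large
# published list (the EFF long list has 7776 words) for meaningful strength.
SAMPLE_WORDS = ["frypan", "cookie", "racecar", "lantern", "pebble", "walnut",
                "harbor", "violin", "meadow", "gravel", "tunnel", "saddle",
                "cobweb", "thimble", "orchid", "pickle"]


def usable_words(wordlist, personal_terms=()):
    """Drop words that overlap a username, company or family name (tip 2)."""
    terms = [t.lower() for t in personal_terms if t]
    return [w for w in wordlist
            if not any(t in w.lower() or w.lower() in t for t in terms)]


def generate_passphrase(wordlist, n_words=3, sep="-", personal_terms=()):
    """Pick n_words at random; upper-case each word with probability 1/2."""
    pool = usable_words(wordlist, personal_terms)
    if len(pool) < 2:
        raise ValueError("word list too small after filtering")
    words = []
    for _ in range(n_words):
        word = secrets.choice(pool)  # CSPRNG, not random.choice
        words.append(word.upper() if secrets.randbits(1) else word)
    return sep.join(words)


def entropy_bits(list_size, n_words=3, random_case=True):
    """Bits of entropy when an attacker knows the list and the scheme."""
    per_word = math.log2(list_size) + (1 if random_case else 0)
    return n_words * per_word


if __name__ == "__main__":
    # "jansen" is a constructed family name used only for this demo.
    print(generate_passphrase(SAMPLE_WORDS, personal_terms=["jansen"]))
    print(f"{entropy_bits(len(SAMPLE_WORDS)):.1f} bits with the sample list")
    print(f"{entropy_bits(7776):.1f} bits with a 7776-word list")
```

Every extra word adds the same number of bits, so a longer phrase drawn from a large list is the simplest way to raise the strength.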
Nowadays, there are also many antivirus software providers and VPN clients that offer a package that includes a password manager. A kind of all-in-one security package for the home, in other words! Examples we recommend are NordVPN and Bitdefender.
4. Use two-factor authentication
You’ve probably seen it before: two-factor authentication, or 2FA, an extra layer of security. 2FA reduces the risk of a hacker gaining access to your online accounts by adding a second step to that password.
You can use two-factor authentication in three different ways: with something you know, something you have or something you are. For example, in addition to entering your password, you are asked for something extra: the answer to a specific question that only you can answer, a code that appears on your phone, or a biometric (fingerprint or facial recognition).
Many of the world’s largest websites have made 2FA available in the account’s security settings, but you have to turn that feature on yourself. The easiest way to read up on it and get started is the website authy.com, a provider that offers a practical guide on how to set up 2FA for various services. A simple and smart way to lock the digital door more firmly.
5. Review your existing passwords
You’ve probably heard of haveibeenpwned.com, the website where you can check whether your e-mail data has been leaked in a known or lesser-known data breach.
The Dutch ScatteredSecrets.com offers the same insights into known data breaches and also covers porn and dating sites, for example. There are billions of leaked passwords in the database. You can instantly query whether your e-mail was involved in a leak, and like haveibeenpwned, you can also set up notifications in case your e-mail turns up in a future incident.
The difference with haveibeenpwned is that with a leaked account, you also get to see which password has become public, or at least potentially findable on the Internet, in the process. The idea is that it’s important to find out which of your passwords are out in the open, so you know which ones you should never use anywhere else.
Security Awareness Training
On the people side of information security, there are many effective measures we can take to reduce security risks and increase employee information awareness. Awareways’ products and programs provide that solution. The training has a variety of learning formats, including short instructional videos, quizzes and other interactive exercises. Emphasis will be placed on securing accounts and protecting information.
Awareways offers online learning modules on specific topics, from social engineering to phishing. The training courses are available in several languages, are offered on a proprietary learning platform in corporate branding (SSO linking possible) and provide a proprietary management and reporting environment for monitoring and evaluation. For more information, check our products.