Lock It Down

Everyone reading this has at least a handful of online accounts. Strong passwords are your first and often only line of defense against unauthorized access. It's easy to get complacent, but the security of your personal information depends on creating strong, unique passwords for each of your accounts.

A Brief History of Passwords (and Why They Matter)

The idea of passwords dates back to the early days of computing. What started as simple codes and PINs has evolved into a complex and crucial aspect of online security. In the past, simple passwords were the norm, but as cyber threats grew, so did the need for more complexity. We've moved from simple passwords to policies requiring mixed characters, and now to the widespread use of password managers.

Because most organizations have not made the leap to newer and more secure authentication technology (talking about biometrics, tokens, etc.) for most of their customer-facing logons, passwords are everywhere. And we are generally required to use them if we want the convenience of online access.

The Problem: Weak Passwords are Everywhere

Despite widespread knowledge about password security, many people still use weak, easily guessable passwords, or reuse the same password across multiple sites. This makes them easy targets for cyberattacks.

Did you know that modern computers can crack most passwords under 16 characters in a matter of seconds?

Today's Best Practices: Building Defense in Depth

Here's how to level up your password game:

Embrace Passphrases: For those passwords you absolutely need to memorize, use a passphrase instead of a single word. Think of a sentence that's easy for you to remember but hard for others to guess. For example, "I love eating pizza on Fridays!"

• My favorite Passphrase Generator

• Check out the end of this post highlighting security basics for a great comic on passphrases.

Length Matters: When using a password manager (more on that below), prioritize length above all else, followed by a mix of letters, numbers, and symbols. Generally, over 25 characters is considered secure (or the most allowed by the platform you’re trying to create a password on).

Avoid Personal Info: Never use easily guessable information like birthdays, pet names, or common words.

The Power of Password Managers: Password managers are now essential tools. They generate and securely store unique, complex passwords for each of your accounts. They also autofill passwords, making your online life easier and more secure.

• Recommendation: If you aren't using a password manager, take the time to set one up today. Some popular options include ProtonPass, 1Password, and Bitwarden.

Regular Password Updates: Change your passwords at least every two years, and never reuse them across multiple sites. If a hacker gets access to one of your passwords, they'll try it on all your accounts.

Beyond Passwords: The Importance of Unique Usernames

While strong, unique passwords are crucial, don't overlook the importance of your username. Using the same username across multiple sites can make you a target for credential stuffing attacks.

Why Unique Usernames Matter:

Prevents Targeted Attacks: If a hacker knows your username for one site, they can try that same username on other platforms. Using unique usernames makes this tactic less effective.

Privacy Enhancement: A unique, non-identifiable username can help protect your privacy. Avoid using your real name or easily recognizable information if you want more privacy (or you’re also using an alias name for a service).

Leveraging Alias Emails for Ultimate Uniqueness:

Many platforms require an email address for registration. To create truly unique credentials for each site, consider using alias email services.

What are Alias Emails? These services allow you to generate unique, temporary email addresses that forward to your main inbox.

Benefits of Alias Emails:

• Privacy: Masks your primary email address, reducing spam and potential tracking.

• Security: If one alias is compromised, it doesn't expose your main email account.

• Organization: Helps you track where you're receiving emails from and identify potential data breaches.

Tool Recommendation: Services like ProtonPass offer features to generate alias emails on the fly, making it easy to create a unique email address for every site you use.

Take Action Today

Your online security is your responsibility. Take a few minutes today to review your passwords and implement these best practices. It's an investment that will pay off with peace of mind.

Stay safe out there.

Thank you for reading!

Elevate the Cybersecurity Skills of Your Staff with our Security Mentor Service!

Need security but don’t have a budget for dedicated staff?

Our Security Mentor Service offers personalized guidance, expert insights, and individualized sessions to build your security internally. Reducing risk and saving money on contractors and managed services by empowering you or your staff.

Start today and unlock potential, boost security, and provide value to your team!