Enhance Your Security with Basic Password Practices
Sep 1, 2024
Software is the platform everyone uses on the internet in their day-to-day operations. Most interactions require logging in to verify who you are and to pull up data you have stored with a particular application. When this happens, you become a critical point of risk both for the software and for your own data. This is where practicing good habits for password creation and management helps protect your information and that of all other users of the same software.
Hackers find the most success breaking into systems through the use of login information. In the vast majority of cybersecurity incidents, weak and reused passwords are the most common point of failure. Taking a few basic steps can make a major difference in protecting your business infrastructure and your personal accounts at the same time. If you are in doubt, take a look at this report [1] from Norton about the statistics of passwords used across the internet.
Basic Password Security Practices
There are five building blocks of basic password security that you should follow to greatly improve password security: increasing the complexity of passwords, not reusing passwords across different accounts, increasing the length of passwords, storing passwords in a secured vault and, when possible, enabling multi-factor (or two-factor) authentication.
Let's step further into how each helps you:
Complexity
Many password creation tools now require a mixture of upper and lower case letters, numbers (also called digits) and special characters. The more of these that are used, the longer it can take to randomly guess what the password could be. Avoiding the most common passwords also helps greatly. This article [2] by Cybernews goes into greater detail, and what people use as their password could surprise you!
Unique
A recurring behavior is the reuse of the same password for multiple different logins. This is very risky: when the password is stolen or guessed by a hacker, they will then try to log in with the same information to other accounts associated with you. Always use a unique password for each account. You can use a vault (further below) to store them, since remembering passwords is becoming increasingly difficult.
Longer
Length is the single greatest measurement of protection for a password. For each character over 16 you can exponentially increase the safety of your login information. This is because the difficulty of cracking a password grows with the number of characters that make it up. If you create a password of 26 characters or more, the password becomes harder to crack than one that is 12 characters and follows the rules above. Mathematics is quite impressive when it comes to applying cryptography for protecting information!
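To put numbers on the Complexity and Longer sections, the following added example (not part of the original article) estimates the brute-force search space of a password from its length and the character classes it uses. The sample passwords, the short common-password list and the guess rate of 10 billion per second are constructed assumptions, and the estimate is an upper bound that only holds when every character is chosen at random.

```python
import math
import string

# The four character classes named in the Complexity section (ASCII sizes).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]   # 26 + 26 + 10 + 32 = 94

# Constructed stand-in for a real list of common passwords.
COMMON = {"123456", "password", "qwerty", "letmein"}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pool_size(password):
    """Alphabet size implied by the character classes the password uses.
    Characters outside the four ASCII classes are not counted."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))


def entropy_bits(password):
    """Upper bound on search space in bits: length * log2(pool).
    Only meaningful if every character was chosen at random."""
    if password.lower() in COMMON:
        return 0.0          # found by a list lookup, no brute force needed
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def years_to_search(bits, guesses_per_second=1e10):
    """Years to try half the space at an assumed (hypothetical) guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


# Constructed sample passwords: 12 characters using all four classes,
# and 26 characters using lower case letters only.
SHORT_COMPLEX = "Tr7!kQ2#vMx9"
LONG_SIMPLE = "qhzbtmwkeyrolducpnxsgjfiva"

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_SIMPLE, "Password"):
        bits = entropy_bits(pw)
        print(f"{len(pw):>2} chars, pool {pool_size(pw):>2}: "
              f"{bits:6.1f} bits, ~{years_to_search(bits):.1e} years")
```

Each extra character multiplies the search space by the pool size, which is why the 26-character lower case password ends up far ahead of the 12-character mixed one, while a password on the common list scores zero regardless of its makeup.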
Vault Stored
We all have a difficult time applying these rules and remembering more than five unique passwords. I myself have more than 400 unique logins for different accounts. A virtual safe should hold all of your passwords for when you need them.
A password vault requires one password to unlock it, which then allows you to access and use your login information for other accounts such as servers, email and more. This is a trusted and secure process that allows you to protect access to your information without having to type out, write down or remember all of the passwords suggested above. Remember to verify that the provider you choose is a trustworthy company for protecting your information and that it can be used with all of the technology you are using.
Multi-factor (or two-factor) Authentication
The last step is one you are likely familiar with in some capacity. This is to add a second method of verification for logging in. It could be a text message to your phone, a code from a code generator or a request to approve and enter a code through an authentication application. These protect against account theft by requiring users to complete a second verified login action. In this way, even if your password is stolen or somehow guessed, it will slow down or prevent access to the account until you are notified and able to change the password. Think of this as a backup protection for your accounts.
Where possible, you should set this up and ensure that a backup code is stored physically in a safe to prevent loss of access to your account in the future.
Wrapping Up
In software development, we always aim to be the most restrictive in terms of access to information. We also strive to eliminate vulnerabilities or weaknesses in the code. We always ask our business customers to consider upgrading the security of their information technology networks, as software security can only be as strong as the servers it runs on and the company's cybersecurity defense behaviors. This is in the best interest of all parties, as a better protected network means business continues to operate and make money for everyone involved.
Always remember that when you stop striving to improve, you fall behind. Keep learning and applying what you learn to the best of your abilities.
References
[1] Stouffer, C. (2024, March 26). 139 password statistics to help you stay safe in 2024. Norton. https://us.norton.com/blog/privacy/password-statistics
[2] Masiliauskas, P. (2023, November 23). Most common passwords: latest 2024 statistics. Cybernews. https://cybernews.com/best-password-managers/most-common-passwords/