7 Steps to Strong Password Security


3  Don't use personal information

4  Use a Passphrase

A strong password should be at least 14 characters. The longer the password, the harder it is to crack with automated tools.  The current trend is to use passphrases instead of traditional passwords.  A passphrase is a sequence of words strung together that is much longer than the traditional password. Passphrases are easy to remember and almost impossible to crack.

5  Implement Password Policies

A well-designed password policy will help protect your business from password attacks.  Businesses large and small need to develop and implement strong password policies with an automated means of enforcement.  Employees should be required to create strong passwords based on specific requirements such as length, complexity, history, etcetera.  Policies such as automatic account lockout after a certain number of failed login attempts will improve security by preventing brute force password attacks.  Developing a password policy can be difficult, but the most effective policies are based on layering defenses and password diversity.
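One way to automate the requirements this article lists (length, complexity, personal information, history) is sketched below. It is an added example, not part of the original article; the rule names, the three-of-four character-class threshold, the PBKDF2 iteration count and the sample data are assumptions.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 14                    # minimum length the article recommends
COMMON = {"password", "qwerty"}    # the two examples the article names; real deny-lists are far larger
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
MIN_CLASSES = 3                    # assumption: the article sets no exact complexity rule
PBKDF2_ROUNDS = 200_000            # assumption: tune to your own hardware


def hash_password(password, salt=None):
    """Return (salt, digest) so the password history never holds plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def violations(password, personal_terms=(), history=()):
    """Return the names of the policy rules that `password` breaks."""
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("length")
    if sum(bool(re.search(c, password)) for c in CLASSES) < MIN_CLASSES:
        found.append("complexity")
    if any(word in lowered for word in COMMON):
        found.append("common")
    # Personal information: names, pets, employer; very short terms are
    # skipped because they would match by accident.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_terms):
        found.append("personal-info")
    # History: re-derive with each stored salt and compare in constant time.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            found.append("reused")
            break
    return found


if __name__ == "__main__":
    # Constructed sample data, not taken from the article.
    old = [hash_password("Winter-Harbor-Lantern-42")]
    for candidate in ("qwerty", "Rex-loves-the-park-2019", "Winter-Harbor-Lantern-42"):
        print(candidate, violations(candidate, ["Rex", "Acme"], old))
```

An empty list means the candidate passes every rule; account lockout is enforced at login time and is outside this check.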


1 Multifactor Authentication

Something you have, something you know, something you are.  These are all possible factors a person can produce to gain access to a system or resource.  A password is one factor or type of authentication, something you know.  Multifactor authentication significantly improves all aspects of security by requiring an additional verification factor that is much harder for an adversary to obtain, such as a key, smartcard, or biometric fingerprint.

2  Use complex passwords

A strong password is a long password and the more complex, the better.  A complex password contains a combination of alphanumeric, mixed case, and special characters.  While password length is more important than complexity, a password that uses uppercase and lowercase letters, numbers and symbols is much harder to crack.  Cybercriminals can crack weak passwords in seconds, yet "password" and "qwerty" are still amongst the most popular passwords in the world.  When you create or change a password to protect your online accounts and devices, keep in mind that you are creating the most important layer of security that protects your data and your privacy.

You may be putting yourself at greater risk by using personal information for your passwords such as a nickname, a pet's name, or something pertaining to the company you work for.  This information is often easy to find on social media and other sources, making it easier for cybercriminals to hack your accounts.  Cybercriminals targeting specific individuals in an organization are more likely to crack context-specific passwords containing personal information.


6  Store Passwords Securely

Password managers are a great option for individuals and businesses to generate industrial strength passwords for every account and store them securely in an encrypted vault.  With password managers such as 1Password or NordPass, you only have to remember one master password.  It is not a good idea to let your web browser save passwords for you.  Browsers save passwords for convenience, not security.  Passwords saved in browsers can be retrieved easily by cybercriminals or anyone snooping around on your computer.  If you do not need a password manager to handle very complex passwords, you can try another method to store unique passwords for all your accounts in a separate location.

7  Use Unique Passwords for Every Account

Cybercriminals exploit password reuse vulnerabilities, recognizing that most people will reuse and recycle the same password dozens of times.  You should use different passwords for all your online accounts and devices so that if a cybercriminal cracks a password, they won't have access to all of your accounts. Exposed passwords are widely available on the dark web and other websites.  If you are still using the same passwords even after a breach, you are at risk of having your accounts compromised again.  Be sure to use unique and strong passwords for each of your online accounts, especially your most sensitive accounts.