Hackers are a pain. Their bread and butter is your secure information. They are tenacious, they are heartless, and they mean business.

How about some good news?  Following several password security rules can make not only individual hackers but the bigger data breaches much less of a danger.

Some more good news: You do not have to remember all these tips for every password. Password security is increasingly complex, and there are companies built on simplifying it for you. We suggest pairing a password manager with multi-factor authentication.

Pairing the password manager with multi-factor authentication will greatly reduce your risk of being hacked.

What is a password manager?

A password manager is a secure place to store your passwords and login credentials. It can even generate passwords for you according to your specifications for length and complexity. Using it means you will want to commit a single (secure and periodically changed) master password to memory.

Login credentials for online accounts can be housed in the password manager and changed at regular intervals without you having to memorize 101 ever-changing passwords. Some versions also allow you to securely share a password, a group of passwords, or access to a login without allowing the password to be seen by the recipient.

Which password manager is best?

That depends on your needs and current offerings. Industry rankings change year over year, so there is no firm answer.

Basics of a great password manager are:

• Reputable.
• Able to auto-generate strong passwords.
• Supports multifactor authentication.

Beyond this, a lot depends on your needs. Some reputable password managers are available at no cost, but sometimes the more advanced features are limited to paying customers. Features to consider when choosing a password manager include:

• Secure password sharing.
• Hidden credential sharing.
• Supporting single sign on.
• Allowing administration. (Creating rules across the organization, managing the access of new or departing personnel, etc.)

Schedule a call here to discuss implementing a password manager at your organization.

Breaking down the rules

Even if you use a password manager, you will want to have one master password that obeys all the rules in circulation. Why? Because a poorly guarded password manager password can cripple your security by allowing a hacker access to the treasure trove it holds.

The rules are frequently circulated as bullet points without any real explanation as to why they matter. If you want a fun math-y explanation for several, click here for a recent Scientific American article on the topic. If you want something a little easier to digest, keep reading.

From the beginning, it is important to know that a beginner hacker trying a bunch of passwords in a row can do only so much damage. They do not pose a huge threat. The bigger threat is a hacker with an algorithm that tries one password then the next without stopping. Given enough time, his or her system can try literally every possible combination. Time is key. Though computers can run through many password combinations per second, a well-crafted and well-hidden password takes a lot longer to break.

Bearing the second hacker in mind, let’s take a look at some common password tips and why they matter:

Why not keep passwords on a post-it somewhere?

It is incredibly easy to lose or inadvertently share passwords stored this way. Think of the last time you threw away a scrap of paper or failed to realize just what was in your video conferencing call.

Why use unique passwords?

If one of your accounts’ credentials have been hacked, they may be sold for pennies on the dark web. Unfortunately, the dark web is not just a figment of screenwriter’s imaginations. There your username, password, and other identifying information can be bought and sold for much less than you know they are worth. Using unique passwords limits the power of a hacker with one password.

Why use long passwords?

The longer the password is, the harder it is to guess or for a hacker’s computer to crack.

Why mix capital and lowercase letters, numbers, and special characters?

Using a combination raises the possible characters in any space incredibly. This makes your password much harder to crack.

To get a little math-y, consider a tiny 4-space password. If you were only using the digits 0-9, you’ve got 10 options for each space. That’s 10 x 10 x 10 x 10 = 10,000 possible passwords. By mixing those 10 digits with 26 uppercase letters, 26 lowercase letters, and 10 special characters, you have 72 options for every space. Your super short password would have 72 x 72 x 72 x 72 = 26,873,856 possible combinations!

Why avoid common words and combinations?

Many of the algorithms the hackers run have dictionaries of sorts that help them shortcut their way through the possible combinations. They try things like “password123” and “qwerty” before moving on to the big work of trying combinations one by one.

Why change the password regularly?

This is huge! Every time you change your password you reset the clock on any work a hacker may be doing to crack it. You also make the dark web lists of passwords associated with you obsolete. Even if your password is not as secure as you hope it is, changing it regularly will help keep the hackers from getting in.

Schedule a call here to discuss implementing a password manager for your organization. It will simplify your organization’s passwords and help secure your sign ins.