How to Work Safely from Home – Password Best Practices
In this installment of our security-focused series of articles, we discuss the importance of passwords in keeping us safe, and how we can create and maintain strong passwords that are very hard for attackers to obtain and use.
This comes after we introduced the link between security and remote work, outlined the threats we might face when we work from home, and highlighted the impact of security breaches on our work.
The Importance of Passwords in Keeping Us Safe
Every door that we want to keep secure has a key that we carry around for when we want to open it. Passwords are the keys of the digital world, only better. Your keys can always be stolen, but your passwords… well, unfortunately, the way we use passwords makes them liable to be stolen as well.
According to NetSec.news, 80% of hacking attacks are caused by stolen passwords. So it only follows that if we keep our passwords safe, we’re stopping 80% of attacks and threats to our security.
But why aren’t we keeping our passwords safe?
How Our Passwords Are Failing Us
The ways in which we misuse passwords are plenty. We give you a short list of the ways we could be jeopardizing our security with our passwords.
- Writing them down… ANYWHERE!
The first rule of passwords: They exist only in your head. As soon as we write them down, we lose the advantage passwords have over keys. Writing them down in the physical world means anybody with access to that room or drawer will be able to find our password. Writing them down in the digital world means that anybody who accesses our device (including those who reach it over the internet) can get them.
- Sending them to someone
Simply another form of writing them down, sending passwords or login credentials over email or IMs means that they can be accessed by prying eyes and stolen.
- Reusing passwords
Using the same password for all accounts means that if one is compromised, then all are compromised.
- Using passwords that are too simple
Passwords such as 123456, abcdef, password, bob’sdevice, etc. are all combinations found in hackers’ libraries: attackers try these first when attempting to brute-force an account.
Password Best Practices
As we said at the start of this series, most security threats are caused by human errors, and poor password hygiene is one of the most common errors that affect security. Creating strong passwords and diligently maintaining them is the first line of defense against attackers. If we don’t want people to open our doors, we have to make sure we safeguard the keys!
Here are best practices regarding password creation and maintenance.
How to create a good password
You’ve heard this over and over again every time you’re asked to create one. Sometimes we might not recognize what a complex or strong password looks like or be able to identify whether the one we’ve just created passes the criteria.
The idea is to create a password that would take so long to crack that trying becomes a fruitless endeavor.
Here’s the drill:
- Use a minimum of 10 characters: Or more, if allowed. The more characters you use, the harder it will be to crack.
- Use a greater character set: This increases the possibilities in each character, thus taking longer to brute-force. Include capital letters, small letters, numbers, and special characters, whenever allowed.
- Never re-use passwords for multiple accounts: If one is breached, the attacker will have access to all accounts using that password!
- Change your password if you suspect a breach: Though some sources suggest routinely changing passwords, many experts are currently recommending creating strong, unique passwords, and only changing them if you think they’ve been compromised.
- Don’t use well-known or easily guessed or obtained passwords: Examples include P@ssw0rd, 123456, abcdef, or any word in the dictionary, as well as any well-known phrase (HastaLaVista,baby.).
- Don’t use any personal information: such as your mobile number, your name, the name of a family member, or any other personal info.
- Use a passphrase, rather than a password: A passphrase is a string of random words that aren’t related to the account or to you. An example would be “HorseFeedChickenBook”. The problem with these is remembering them, which you can make easier by imagining the phrase as a picture (a horse feeding a chicken a book). If you add numbers and symbols, then you’ve got a pretty good password.
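The checklist above can be written as a short Python check that also estimates how large a brute-force search would be; this is an added example, not code from the original article. The denylist holds only the weak passwords the article names, the rule labels are made up for illustration, and the 7776-word list size (the Diceware list) is an assumption.

```python
import math
import string

# Constructed denylist: only the weak passwords the article names. A real
# check would load a large list of breached passwords instead.
DENYLIST = {"123456", "abcdef", "password", "hastalavista,baby."}
# Undo common substitutions so "P@ssw0rd" is recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s"})
# Character classes from the article; each adds its size to the alphabet.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(pw):
    """log2 of the number of strings an exhaustive search must try for this
    length and alphabet. Upper bound: only random passwords reach it."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def passphrase_bits(words, wordlist_size=7776):
    """Bits for `words` words drawn at random from a list of the given size
    (7776 is the Diceware list size, used here as an assumption)."""
    return words * math.log2(wordlist_size)


def check_password(pw, personal=()):
    """Return the labels of the rules `pw` breaks; an empty list passes.
    The labels are hypothetical names chosen for this example."""
    problems = []
    lowered = pw.lower()
    if len(pw) < 10:
        problems.append("too_short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing_classes")
    if lowered in DENYLIST or lowered.translate(LEET) in DENYLIST:
        problems.append("well_known")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("personal_info")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "HorseFeedChickenBook", "Horse7Feed!ChickenBook"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, {check_password(pw)}")
    print(f"4 random words: {passphrase_bits(4):.1f} bits")
```

The character-based figure for HorseFeedChickenBook (about 114 bits) is an upper bound that assumes the attacker guesses letter by letter. Four words picked at random from a 7776-word list give about 51.7 bits against an attacker who guesses whole words, which is why the words must be chosen randomly and why adding numbers and symbols helps.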
On Password Managers
Another method of protecting your accounts is using a password manager. These applications can generate passwords of random letters, numbers, and symbols when you create accounts, and recall and enter them when you need to log in. They’re so difficult to crack, even YOU don’t know them!
The only password you need to create and remember is the master password for accessing the password manager itself, which you can create using the advice above.
Needless to say, these apps are heavily fortified against attack.
Wrapping Up
We hope we were able to guide you through the process of creating powerful passwords for your accounts. The importance of passwords really underlines the fact that most security boils down to user behavior.
Keep on working to keep yourself safe as you work from home or from the office.
Stay safe!