A data breach is a security incident in which unauthorized individuals copy, store, view, transmit, or use sensitive, protected, or confidential data that has been exposed. Breaches can compromise consumers by revealing personal identifiers, financial or health information, and other sensitive data that is valuable to identity-theft criminals.
As responsible consumers, it’s up to each of us to take proactive measures to protect our information when the inevitable happens and companies that house our data experience breaches. Although we’re powerless to prevent these breaches, that doesn’t mean we can’t mitigate the harm that we personally experience as a result of them. That’s where smart password creation and management comes in.
The following password-related tips can help keep you safe online.
Use Unique Passwords. Everywhere.
Re-using a password is like using the same key for multiple locks and giving the key out to multiple people. If hackers get their hands on one of your passwords, you can bet on them checking to see if that password works on other sites. That’s why it’s important to use unique passwords for ALL of your online accounts. Resist taking a nonchalant approach to creating an account on any site. You might be inclined to discount the potential impact of a data breach that involves seemingly non-sensitive personal information, but having this type of information compromised can have serious, unforeseen consequences.
The benefit of using unique passwords is the relative ease with which you can recover following a breach. Simply change that one password (or shut down the account) and get on with your life. No muss, no fuss.
Aim for Complex Passwords
A strong password is one that is built using the full alphanumeric range, consisting of upper- and lower-case letters, numbers, and other symbols (such as punctuation marks and mathematical symbols). Tools like RoboForm’s random password generator greatly simplify the task of creating random, complex passwords.
Create Passwords that are at Least 12 Characters
Longer passwords are more secure than shorter ones. A good practice is to create passwords that are at least 12 characters long. Length is critical for password strength because long passwords take longer to hack than shorter ones.
Good Passwords are Random
Another feature of strong passwords is randomness. Weak passwords, on the other hand, are predictable and easy for hackers to guess. They often incorporate personal information, such as your birthday, pet’s name, favorite band or football team, which can be gleaned from social media.
A survey conducted last year by the UK’s National Cyber Security Centre (NCSC) analyzed passwords associated with accounts worldwide that had been breached. The top 10 most common passwords were:
Activate 2-Factor Authentication (2FA) Whenever Possible
A 2019 article by Eric Griffith at PCMag helps clarify what 2FA is. He quotes Neil J. Rubenking, PCMag’s lead security analyst, who explains “there are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”
Although biometric scanners for retinas, faces, and fingerprints are gaining in popularity, the most common form the second authentication takes is a one-time-use numeric code that is sent to your phone via text message or an “authenticator” app on your phone. Google Authenticator (free on Android and iOS) is currently the leading product in this category.
In order to gain access to a 2FA-secured account, a hacker would need both your password and your cell phone.
TwoFactorAuth.org is a community effort to assemble a list of popular online sites and their implementation of 2FA. If a site supports it, you can tell at a glance what method they use. Facebook, for example, uses SMS codes, while Instagram allows you to choose between SMS and an authentication app like Google Authenticator.
Practice Good Password Hygiene
- Spend some time reviewing your current online accounts. Delete any unused ones that you can. Not all sites will delete accounts, but it doesn’t hurt to ask.
- Update all existing passwords to ensure they are unique and complex. Use RoboForm’s free online tool to evaluate the security of individual passwords.
- Set up 2FA for all accounts where it’s supported.
- Rely on a password manager like RoboForm to do the heavy lifting related to password generation and security.