How compromised passwords lead to data breaches

February 6, 2023

Passwords and password management can be tricky, so much so that even experts can't agree on the best approach. This article isn't going to settle that debate, but it will highlight a few elements of password management that most experts agree on. So without further ado, let's take a look at some of the things we should consider when thinking about passwords and password management best practices.


  • Password Length

Most experts agree that the single most important factor when it comes to password security is password length.  With password cracking software getting better every day, it just makes sense that the longer your password is, the less likely it will get cracked.  Even if it is all lowercase, a 15-character password will take in the range of 100 years to crack with today’s technology.  So the longer your password is, the better it is.


  • Password Complexity

Going hand in hand with password length is password complexity. What is password complexity? It means mixing in things like numbers, special characters, spaces, and upper and lower case letters. Adding some of these to a long password will improve its security even more.


  • Unique Passwords

A long password with some complexity is great but if you use that same password for all of your various accounts, you reduce its strength.  Why?  A common method that attackers use is to acquire entire databases listing the sites, user accounts, and passwords gathered from previous hacks.  Using the same password for multiple sites/logins increases the risk of your accounts getting hacked.  Always ensure that your passwords are unique.


  • Multi-factor Authentication (MFA)

If multi-factor authentication is an available option, it is always better to use it. What is multi-factor authentication? It is the use of more than just a username/password combination to authenticate. Some examples of MFA include the use of CAPTCHA, the use of security questions, the use of randomly generated PINs, and even the use of biometrics like fingerprint or facial scans. With multi-factor authentication enabled, an attacker will need to know significantly more than just your password to successfully get into one of your accounts.


  • Password Managers

Keeping track of your longer, unique passwords can get tricky. How is someone supposed to remember all of the different combinations? Keeping them written down in a notebook or on a sticky note stuck to your monitor is asking for trouble. Thankfully, there is a great solution for this in the form of a password manager. A password manager is an application that securely stores all of your passwords and other login information. Many can help create strong new passwords, check online to see if a password has been compromised, and even keep track of your multi-factor authentication codes. Nearly all of them are accessed with a master password, so as long as you can remember that one, you will have access to all of your passwords. Password managers can also be configured to auto-fill your login information on websites.
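
The compromised-password check mentioned under Unique Passwords and Password Managers can be done without sending the password anywhere. The sketch below is an added example, not code from this article: it assumes the range-query (k-anonymity) scheme used by services such as Have I Been Pwned's Pwned Passwords, and the function names and the sample response are constructed here for illustration.

```python
import hashlib

def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password; return (5-char prefix, 35-char suffix) in upper-case hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_body: str) -> int:
    """Look for this password's hash suffix in a range response.

    range_body is the text returned for the password's prefix: one
    'SUFFIX:COUNT' entry per line. Only the prefix ever leaves the
    machine; the comparison against the suffix happens locally.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_response(breached_password: str, count: int) -> str:
    """Build a sample response (constructed for this example, not real data)."""
    _, suffix = split_hash(breached_password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":12"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])

if __name__ == "__main__":
    # In real use, each candidate's own prefix is sent and its own range
    # comes back; here one constructed response stands in for the service.
    body = constructed_range_response("password", 42)
    for candidate in ("password", "a much longer unique passphrase 2023"):
        prefix, _ = split_hash(candidate)
        seen = breach_count(candidate, body)
        verdict = f"seen {seen} times, do not use" if seen else "not in this range"
        print(f"prefix sent: {prefix}  ->  {verdict}")
```

Because the service only ever sees five hex characters, it cannot tell which of the many passwords sharing that prefix was being checked.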


With these five tools in your belt, you are well on your way to keeping your passwords safe.  Remember to keep them long, unique, and complex.  Use MFA whenever possible and use a password manager application to help keep track.
