Intel created World Password Day (the first Thursday of May) to warn people to protect online accounts by adding a layer to passwords. A password is no longer enough to secure online accounts since cyber thieves can use stolen usernames and passwords to commit identity theft. Multi-factor authentication, such as a one-time code sent to your cell phone, provides extra security beyond your password to make it tougher to hack your accounts.
Your business uses a variety of online accounts, such as email, banking, websites, e-commerce, and social media. As a result, workers are responsible for using passwords for dozens of websites. Some of these sites require you to use a mix of upper and lower-case letters, numbers, and special characters. On top of that, the sites will lock you out of your account if you make too many incorrect guesses.
Remembering a separate password for each account is too inconvenient and frustrating for many users. Therefore, numerous people use the same easy password across multiple accounts. However, this habit is like leaving your office door unlocked at night. Cybercriminals can steal passwords easily and get unauthorized access to your accounts. Then, they can rob your financial accounts, carry out identity theft activities, and leak confidential information.
How can you protect your online accounts?
- Use multi-factor authentication. This security setting adds an extra step to your login process, which protects you even if hackers compromise your password. Some examples include:
  - Single-use codes sent to your phone or email
  - Biometric scanning of your face or fingerprints
  - USB authentication keys you insert into your computer, such as the YubiKey
- Store login credentials in a password manager. For your organization, you can use Bitwarden, Myki, or TeamsID. For personal accounts, you can use Dashlane or LastPass. These types of programs use an encrypted cloud vault that users can access only with a master password. The programs usually have a browser extension that can capture your password and offer to save it into their system.
- Do not store passwords in plain text in a Word document, write them down in a notebook, or stick them onto your monitor with a Post-it.
- Change your passwords immediately if they are on Nordpass’ worst passwords list: https://nordpass.com/most-common-passwords-list/. These include “123456,” “password,” and “qwerty.”
- Enter your email address into haveibeenpwned.com to see if any of your online accounts experienced a breach. If the tool pulls up any results, change your passwords for those sites. If you used those passwords on other websites, change them there as well.
- You can go a step further and ask us to perform a dark web search of employee emails and passwords. You also have the option to subscribe to dark web monitoring through our Security as a Service. If we find any login credentials on the dark web, we can take remediation steps before a breach occurs.
- Update passwords so they are hard to crack. Security expert Bruce Schneier recommends that users, “Come up with an entire phrase that’s easy for you to remember, and then use the first instance of each letter, number, and symbol from each word in the phrase, keeping punctuation intact as well.” However, do not include your name, birth year, or pet name, since hackers can find this information easily on your Facebook page.
- Do not reuse the same password across different services. If a hacker guesses a password to one site correctly, they will start using it to access other services.
- Make sure to include strong password practices in your policies and procedures. Your company should train employees on proper password practices. Also, inform them of the consequences if they do not follow your policies.
- Password-protect computers, laptops, and smartphones. Change those passwords every three months.
- Use security questions only you would know. Avoid answers such as your sibling’s birthday, the make and model of your first car, or your elementary school’s name.
- Shut down former employee accounts promptly.
- Keep operating systems, applications, browsers, and plugins up to date.
If you are unsure how often you are updating your passwords, contact us to perform a security assessment to address this issue and others. You can reach SwiftTech Solutions at 877-794-3811 or support@swifttechsolutions.com.
Note: This blog was originally published in May 2018 and has been updated for accuracy and comprehensiveness.