
Best practice: passwords

Password best practices:
How to increase your password security

World Password Day falls on the first Thursday of May every year. The day’s purpose is to educate people on how to protect their passwords and secure their most valuable data.

Passwords are the keys to our digital lives. They protect our confidential and personal information and ensure that only authorised individuals can access our accounts. However, with the increasing number of online accounts we create, it can be difficult to manage and maintain strong passwords. In this blog post, we will discuss some best practices for creating and managing passwords.

World password day 2023

7 ways to improve password security

Here are 7 easy-to-implement ways to secure your passwords:

1 – Use a password manager

A password manager is a tool that helps you store and manage your passwords in a secure way. It creates and remembers strong passwords for you, and can automatically fill in your login credentials when you visit a website. This reduces the risk of using weak passwords or reusing passwords across multiple accounts.

There are a number of different password managers to choose from. Read this article by PC Mag to learn more about the different password managers available. In it, they rate what they consider to be the best password managers.

2 – Use strong and unique passwords

Creating strong and unique passwords is essential for password security. This is vitally important if you do not use a password manager.

A strong password should contain at least 12 characters and contain a mix of uppercase and lowercase letters, numbers, and symbols. Ensure that you use different passwords for different accounts.

Avoid using passwords that are easy to guess, like your name, birthdate, pets’ names or other common words. According to CyberNews, people commonly incorporate their favourite sports teams, cities, cuisine, and even profanities into their passwords.

3 – Enable two-factor authentication

Two-factor authentication requires a second form of authentication, in addition to your password. The second factor can be a text message, phone call, or authentication app.

A hacker may guess, steal or obtain access to your password. However, they cannot access your account without access to your phone or authentication app. Enable two-factor authentication on all of your accounts that offer it.

4 – Change passwords regularly

It’s important to change your passwords regularly. It is recommended to change your password every 90 days, but this can vary depending on the sensitivity of the account.

5 – Be cautious of phishing scams

Phishing is a type of online scam. Attackers pose as a legitimate entity, such as a bank or online retailer, to try and steal your login credentials. They often send emails or texts that ask you to click on a link or enter your username and password. 

Be wary of any communication that requests sensitive information, and never open links or attachments from unidentified senders. 

Here are some things to look for if you suspect phishing:

  • Look for personalisation of the message. Phishing scams are often sent out to thousands of people and because of that, are often not personalised. 
  • Check the sending and replying email addresses and ensure that the company’s web domain is in the email address. 
  • Be suspicious of emails that claim urgency to entice you to click on links. 

Test your ability to spot a scam on the Australian Cyber Security Centre online test.
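The address check from the list above can be automated. The following is an added example, not part of the original post: it reads the From and Reply-To headers of a message and warns when either domain is not the company's domain or one of its subdomains. The sample message and the domain bank.example are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address and domain here is made up.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example.verify-login.test>
Reply-To: support@bank-example.test
To: customer@example.org
Subject: Urgent: verify your account

Click the link below within 24 hours.
"""

def address_domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def belongs_to(domain, company_domain):
    """True only if domain is the company domain or one of its subdomains.

    A substring test is not enough: 'bank.example.verify-login.test'
    contains 'bank.example' but is registered by someone else.
    """
    company_domain = company_domain.lower()
    return domain == company_domain or domain.endswith("." + company_domain)

def check_sender(raw_message, company_domain):
    """Return a list of warnings about the From and Reply-To addresses."""
    msg = message_from_string(raw_message)
    warnings = []
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is None:
            if header == "From":
                warnings.append("From: header is missing")
            continue
        domain = address_domain(value)
        if domain is None:
            warnings.append(f"{header}: no valid address")
        elif not belongs_to(domain, company_domain):
            warnings.append(f"{header}: domain {domain} is not {company_domain}")
    return warnings

if __name__ == "__main__":
    for line in check_sender(SAMPLE, "bank.example"):
        print(line)
```

An empty result only means the visible addresses use the expected domain. The From header can be forged, so the other signs in the list still apply.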

6 – Avoid public Wi-Fi for sensitive activities

Avoid using public Wi-Fi for sensitive activities, such as online banking or shopping. Public networks can be easily compromised by hackers, which can allow them to intercept your username and password. Instead, use a secure network or a virtual private network (VPN).

7 – Check websites for secure HTTPS connection

Before logging into a website, check that it has a secure HTTPS connection. This helps ensure that all communications between your browser and the server are encrypted.

There are two ways to check for a secure HTTPS connection. The first is to check that the URL of the website begins with https and not http. An example of a website with a secure HTTPS connection is https://cabinetryonline.co. The second way is to look for the lock icon on the left side of the URL bar.

In conclusion

It is essential to use complex, one-of-a-kind passwords, and we strongly suggest that you keep track of them with a password manager. Turn on two-step verification, update passwords regularly and be wary of phishing schemes. Do not use public Wi-Fi for confidential tasks, and verify that websites have HTTPS connections.

Follow these best practices to create and manage strong passwords that protect your personal and confidential information. 

Finally, we beg you to never, never, never use the most commonly used password – 123456.
