What Is a Good Practice When It Is Necessary to Use a Password
Strong passwords can help keep your information locked down
When it comes to your online security, it's essential to protect yourself with strong passwords. You need distinct passwords for all of your social media, bank accounts, streaming services, and apps. But with so many different accounts, it can seem impossible to come up with passwords that you'll remember. This makes it tempting to fall into the bad habit of using the same login credentials over and over again.
If your information is compromised, weak passwords can have serious consequences, like identity theft. Last year's number of reported data breaches set a new record -- not to mention the T-Mobile hack in 2021 that exposed more than 50 million customers' personal data.
The identity protection of a post-password world isn't here for most of us. So in the meantime, try these best practices that can help minimize the risk of your information being exposed. Read on to learn how to create and manage the best passwords, how to be alerted if they're breached, and one crucial tip to make your logins even more secure. And here are 3 old password rules that wound up being dumb today.
Use a password manager to keep track of your passwords
Strong passwords are longer than eight characters, are hard to guess and contain a variety of characters, numbers and special symbols. The best ones can be difficult to remember, especially if you're using a distinct login for every site (which is recommended). This is where password managers come in.
A trusted password manager such as 1Password or Bitwarden can create and store strong, lengthy passwords for you. They work across your desktop and phone.
The tiny caveat is that you'll still have to memorize a single master password that unlocks all your other passwords. So make that one as strong as it can be (and see below for more specific tips on that).
Browsers like Google's Chrome also come with password managers, but our sister site TechRepublic has concerns about how browsers secure the passwords they store and recommends using a dedicated app instead.
Password managers with their single master passwords are, of course, obvious targets for hackers. And password managers aren't perfect. LastPass fixed a flaw in 2019 that could have exposed a customer's credentials. To its credit, the company was transparent about the potential exploit and the steps it would take in the event of a hack.
Yes, you can write your login credentials down. Really
We know: This recommendation goes against everything we've been told about protecting ourselves online. But password managers aren't for everybody, and some leading security experts, like the Electronic Frontier Foundation, suggest that keeping your login information on a physical sheet of paper or in a notebook is a feasible way to track your credentials.
And we're talking about real, old-fashioned paper, not an electronic document like a Word file or a Google spreadsheet, because if someone gains access to your computer or online accounts, they can also gain access to that electronic password file.
Of course, someone could also break into your house and walk off with the passkeys to your entire life, but that seems less likely. At work or at home, we recommend keeping this sheet of paper in a safe place -- like a locked desk drawer or cabinet -- and out of eyesight. Limit the number of people who know where your passwords are, especially to your financial sites.
If you travel often, physically carrying your passwords with you introduces greater risk if you misplace your notebook.
Find out if your passwords have been stolen
You can't always stop your passwords from leaking out, either through a data breach or a malicious hack. But you can check at any time for hints that your accounts might be compromised.
Mozilla's Firefox Monitor and Google's Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action. Have I Been Pwned can also show you if your emails and passwords have been exposed. If you do find you've been hacked, see our guide for how to protect yourself.
Avoid common words and character combinations in your password
The goal is to create a password that someone else won't know or be able to easily guess. Stay away from common words like "password," phrases like "mypassword" and predictable character sequences like "qwerty" or "thequickbrownfox."
Also avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name or anything associated with you that someone could find out from social media, or from a heartfelt talk with a stranger on an airplane or at the bar.
Longer passwords are better: eight characters is a starting point
8 characters are a great place to start when creating a strong password, but longer logins are better. The Electronic Frontier Foundation and security expert Brian Krebs, among many others, advise using a passphrase made up of three or four random words for added security. A longer passphrase composed of unconnected words can be hard to remember, however, which is why you should consider using a password manager.
Don't recycle your passwords
It's worth repeating that reusing passwords across different accounts is a terrible idea. If someone uncovers your reused password for one account, they have the key to every other account you use that password for.
The same goes for modifying a root password that changes with the addition of a prefix or suffix. For example, PasswordOne, PasswordTwo (these are both bad for multiple reasons).
By picking a unique password for each account, hackers that crack into one account can't use it to get access to all the rest.
Avoid using passwords known to be stolen
Hackers can effortlessly use previously stolen or otherwise exposed passwords in automated login attempts called credential stuffing to break into an account. If you want to check if a password you're considering using has already been exposed in a hack, go to Have I Been Pwned and enter the password.
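An added example (not part of the original article): a password can be checked against a breach corpus without disclosing it, using the hash-prefix range lookup that Have I Been Pwned's Pwned Passwords service offers, which the article does not describe. The server side below is a constructed offline stand-in with made-up counts; `CORPUS`, `offline_fetch` and the other function names are hypothetical.

```python
import hashlib

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query(password):
    """Split the SHA-1 digest: only the 5-character prefix leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def fake_range_response(prefix, corpus):
    """Offline stand-in for the server: every SUFFIX:COUNT sharing the prefix."""
    lines = []
    for breached, count in corpus.items():
        digest = sha1_hex(breached)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def breach_count(password, fetch_range):
    """Return how often the password appears in the corpus, 0 if never.

    fetch_range(prefix) must return the SUFFIX:COUNT lines for that prefix;
    the suffix comparison happens locally, so the service never learns
    which password was being checked.
    """
    prefix, suffix = range_query(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

# Constructed corpus using the weak examples named in the article;
# the counts are invented for illustration.
CORPUS = {"password": 1000, "qwerty": 500, "mypassword": 50}

def offline_fetch(prefix):
    return fake_range_response(prefix, CORPUS)

if __name__ == "__main__":
    for candidate in ("password", "mypassword", "unlisted-sample-passphrase"):
        print(candidate, breach_count(candidate, offline_fetch))
```

A signup or password-change handler can reject any candidate whose count is nonzero, which blocks exactly the passwords credential-stuffing lists already contain.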
No need to periodically reset your password
For years, changing your passwords every 60 or 90 days was a long-accepted practice, because, the thinking went, that was how long it took to crack a password.
But Microsoft now recommends that unless you suspect your passwords have been exposed, you don't need to periodically change them. The reason? Many of us, by being forced to change our passwords every few months, would fall into bad habits of creating easy-to-remember passwords or writing them on sticky notes and putting them on our monitors.
Use two-factor authentication… but try to avoid text message codes
If thieves do steal your password, you can still keep them from gaining access to your account with two-factor authentication (also called two-step verification or 2FA), a security safeguard that requires you enter a second piece of information that only you have (usually a one-time code) before the app or service logs you in.
This way, even if a hacker does uncover your passwords, without your trusted device (like your phone) and the verification code that confirms it's really you, they won't be able to access your account.
While it's common and convenient to receive these codes in a text message to your mobile phone or in a phone call to your landline phone, it's simple enough for a hacker to steal your phone number through SIM swap fraud and then intercept your verification code.
A much safer way to receive verification codes is for you to generate and fetch them yourself using an authentication app like Authy, Google Authenticator or Microsoft Authenticator. And once you're set up, you can choose to register your device or browser so you don't need to keep verifying it each time you sign in.
When it comes to password security, being proactive is your best protection. That includes knowing if your email and passwords are on the dark web. And if you discover your data has been exposed, we guide you through what to do if hackers have gained access to your banking and credit-card accounts.
Source: https://www.cnet.com/tech/mobile/9-rules-for-strong-passwords-how-to-create-and-remember-your-login-credentials/