searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • (IN)SECURE Magazine

Related topics

  • 1.4 billion unencrypted credentials found in interactive database on the dark web
  • Consumers are ready to say goodbye to passwords

Featured news

  • Attackers disrupting COVID-19 efforts and critical supply chains
  • C-level executives driving the adoption of MACH across their organizations
  • Users largely unaware of the privacy implications of location tracking
  • CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses
  • Most businesses see state-sponsored cyberattacks as a major threat
Zeljka Zorz
Zeljka Zorz, Managing Editor, Help Net Security
January 2, 2018
Share

Make 2018 your year of taking password security more seriously

The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely.

2018-password-security

Choosing passwords

For one, avoid the most often used passwords.

SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also shows that using common words, personal names, expressions, expletives, consecutive number strings, and one’s year of birth as password is a bad idea.

If you devise your own passwords, make them a memorable and relatively long (e.g. 16 characters) passphrase that, preferably, makes sense only to you. This will allow you to remember it when needed, and make brute-forcing it harder for attackers.

Also, use a unique password for each and every account you create. If it gets compromised – as they often do when online services get hacked – you can be sure that the compromised password can’t be used to access your other accounts.

Consider using a password manager

Naturally, selecting and remembering a unique password for every account takes effort, but the process can be made easier by using a password manager – software made especially for keeping passwords and other sensitive information safe and stored all in one place.

Entry to this vault is usually protected by a password that you’ll have to remember – but what’s one password to remember compared to 20 or 40?

Also, many password managers have password generators, which will make the creation of long, complex and unique passwords a breeze.

Consider enabling 2-factor authentication

But even all of this does not guarantee that your passwords will never get compromised.

Perhaps the service you use does not encrypt stored passwords and gets breached, or does not encrypt traffic to its login page and an attacker sniffing the unsecured wireless network you’re on manages to grab it.

Perhaps you get infected with a RAT and the attacker can steal sensitive information (including passwords) directly from your computer. Or perhaps you get fooled by a phisher and you enter your password in a phishing page, handing it directly to the attacker.

In all of these instances and many others, having 2-factor authentication (2FA) enabled on your most sensitive accounts (e.g. email, banking, social media, etc.) is a good way to prevent account compromise.

The attacker might have gotten your password, but can’t get in without the second factor, which is usually delivered through other means – via SMS, a mobile app, or a hardware authenticator.

More about
  • account protection
  • authentication
  • password manager
  • passwords
  • tips
Share this
architecture

Why enterprises need rugged devices with integrated endpoint management systems

  • Five factors driving investment in IDV
  • 2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?
Whitepaper – EDR to secure mobile devices: Coverage, limits & recommendations

What's new

hand

Attackers disrupting COVID-19 efforts and critical supply chains

identity

Five factors driving investment in IDV

architecture

Why enterprises need rugged devices with integrated endpoint management systems

businessman

C-level executives driving the adoption of MACH across their organizations

Don't miss

architecture

Why enterprises need rugged devices with integrated endpoint management systems

identity

Five factors driving investment in IDV

tracking

CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses

2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?

template

Third-party risk management programs still largely a checkbox exercise

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • Twitter

In case you’ve missed it

  • Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations
  • How do I select a network monitoring solution for my business?
  • Tips for boosting the “Sec” part of DevSecOps
  • How do I select a DRM solution for my business?

(IN)SECURE Magazine ISSUE 67 (November 2020)

  • Hardware security: Emerging attacks and protection mechanisms
  • Justifying your 2021 cybersecurity budget
  • Cooking up secure code: A foolproof recipe for open source
  • Mapping the motives of insider threats
Read online
© Copyright 1998-2021 by Help Net Security
Read our privacy policy | About us | Advertise