The 2018 Verizon Data Breach Investigations Report found that 81% of hacking-related breaches happened thanks to stolen passwords. The report also noted that over 70% of employees reuse passwords. Not much has changed since then, and many businesses and employees have yet to realize the importance and reality of password security.
Improving password security reduces the chances of a data breach or cyber-attack. So, with that in mind, let’s answer one question: how can businesses improve their password security?
How to Upgrade Your Password Security
Use a Password Manager
Keeping records of your passwords is bad practice (more on that later). So why do many people do it? According to a study done by NordPass last year, the average online user has to remember around 100 passwords. No one—absolutely no one—could recite 100 passwords by memory, not if all of those passwords were unique.
Having to remember so many passwords is why so many users opt to reuse passwords, save them somewhere, or keep them short and simple. But those are all bad practices! If you find yourself disregarding password security for the sake of convenience, why not try a password manager?
Password managers are tools that allow users to store account credentials in the manager itself—its “locker.” The credentials stored are hashed and encrypted to ensure total security. In other words, password managers offer security and convenience in one package. Most password managers are free but offer premium plans if needed.
Change Your Passwords Often
Even the strongest passwords are susceptible to elements outside of your control. If an online retailer experiences a significant data breach that leaks the credentials of millions of customers, for example, it wouldn’t matter how strong your password is; their password is now visible to the people responsible for the data breach.
For this reason, you not only need to create strong passwords, but you also need to change your passwords frequently. You don’t need to make drastic changes, but you want to ensure that your accounts are impenetrable.
Create Unique Passwords
Take a moment to think about all of your passwords. How many of them are unique? Are they easy to guess? Are your passwords comprised of personal information like your date of birth?
Passwords should always be unique, and they should never be easy to guess, nor should your passwords use personally identifiable information that is easily found online.
A strong password consists of letters (uppercase and lowercase), numbers, special symbols, and considerable length (14+ characters). Immediately change your passwords to fit these criteria if they don’t already. But make sure never to reuse a password! Accounts that use reused passwords are at greater risk of being hacked than accounts with truly unique passwords.
Never Save Passwords
Convenience attracts users, which is why Google, the Mozilla Foundation, and Microsoft have upped their respective browsers’ ability to deliver users a convenient, seamless experience. One way they’ve done this is by allowing users to save their passwords to their browsers. To its credit, this practice does make logging in convenient. However, it is an atrocious practice security-wise.
If those companies ever experience a data breach, all those stored passwords can be stolen. Users also need to consider malware; browsers can be infected with malware, and it would be extremely easy for said malware to steal those passwords from the browser itself.
Enable Two Factor-Authentication
Passwords aren’t enough nowadays. You can do everything in your power to secure your accounts—create unique passwords, store them in a password manager, change them every week—and yet you would still find yourself vulnerable to data breaches and hackers.
For this reason, you should enable two-factor authentication (2FA) as soon as possible. With 2FA, accounts verify the identity of the person logging in by sending them a one-time password, usually in the form of an email or text. Without access to your phone or email, the hacker will not be able to enter your account, and you will receive a warning that someone is attempting to hack your account and that you should change your password immediately.
How to Further Secure Your Online Activity
Install a VPN
Cybercriminals on those that use public networks? Why? It’s because public networks lack essential security protocols that prevent cybercriminals from stealing user data via the network.
If you’re someone that uses public networks, you’ll want to make sure your data is in good hands. A VPN service, for example, will encrypt the data your device sends out on a network, ensuring that your data will be safe from cybercriminals on the same network.
Stick to HTTPS
Back in the 2000s, websites stuck to HTTP. As time went on, however, website creators realized the importance of security, which is why many websites now use HTTPS, a secure version of HTTP.
HTTPS promises data protection in the form of encryption. Think of it like an encryption layer ingrained into a website. HTTPS is fantastic, and it’s a good idea to stick to websites that use HTTPS instead of HTTP. In other words, don’t enter personal information on a site that doesn’t have any data encryption in place.
Avoid Clicking on Strange Links
Scammers are a plague on the internet—one that seems impossible to get rid of. Scammers resort to a bunch of tricks, but the most common trick is to send a strange link to a bunch of people and hope the victim clicks on it. If they do, they’ll be taken to a website that either a) steals their data while they’re on the website or b) tricks them into entering personal information into an online form that is sent to the scammer.
This is known as a phishing scam, and they are extremely common. Fortunately, they’re easy to avoid; if you see an email with a strange link by someone you don’t know, don’t click on it. As long as you do that, phishing scams will have no effect on you.
It’s no secret that, for the majority of online users, password security is lacking. Fortunately, there are many ways users can secure their passwords and their overall online experience.