More and more, we hear about company hacks, data breaches, and leaks. And although everybody knows that having a weak password is like leaving your front door open, a lot of people are still in denial about their own password security. Passwords are set up quite casually and reused across different accounts. Even the one we set up for our very first email account is often still in use. Maybe you added some minor changes, just to be safe. Sounds familiar, right?
When you use insecure passwords for your private accounts, that risk is entirely your own to take. But company passwords are a different story. We believe that having a company policy for passwords will benefit your organization and will keep your data safe. Speaking from our own experience, we gladly share some of our best practices.
Keep your password fit
First of all, when you set up your password, you need to make sure it’s a strong one. There are different ways to come up with a strong password; here are some of our tips:
- Never use the same password twice
- Change your password regularly
- Don’t use personal information, like the names of your children or birth dates, in your passwords
- Go for longer passwords over shorter ones with special characters. Length makes a password harder to crack, while special characters don’t add much to its complexity
- Use the “correct horse battery staple” method to create easy-to-remember but hard-to-crack passwords
- Use the most obscure language you know for your passwords since that’ll lower the chance that hackers find a password match with a dictionary attack
- Incorporate spelling mistakes in your passwords
- If you have trouble coming up with a unique password, make use of a password generator tool. 1Password has one, for example: https://1password.com/password-generator/
- Use a password manager for your passwords, but use the “correct horse battery staple” method for your master password
- Make use of tools like YubiKeys to level up the security of your passwords
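The length-versus-special-characters tip and the passphrase method above, put into numbers as an added example (not code from the original article). It assumes every character or word is picked uniformly at random; the 7776-word list size and the sample words are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list for demonstration only. A real generator needs a
# list with thousands of words, because strength depends on the list size.
SAMPLE_WORDS = ["anchor", "basil", "copper", "dune", "ember", "fjord",
                "glacier", "harbor", "ivory", "juniper", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

ALNUM = len(string.ascii_letters + string.digits)   # letters and digits
PRINTABLE = ALNUM + len(string.punctuation)         # plus special characters

def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy when each of `length` symbols is drawn uniformly at random
    from `pool_size` options. Does not hold for human-chosen text."""
    return length * math.log2(pool_size)

def generate_passphrase(words, count=4, sep="-"):
    """Pick `count` words with a CSPRNG. Duplicates are dropped from the
    list first so that every entry is equally likely."""
    pool = sorted(set(words))
    return sep.join(secrets.choice(pool) for _ in range(count))

def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def compare():
    """Entropy of a few password shapes, in bits."""
    return {
        "8 alnum": entropy_bits(ALNUM, 8),
        "8 with specials": entropy_bits(PRINTABLE, 8),
        "12 alnum": entropy_bits(ALNUM, 12),
        "4 words of 7776": entropy_bits(7776, 4),   # assumed list size
        "6 words of 7776": entropy_bits(7776, 6),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:18} {bits:5.1f} bits")
    print("sample:", generate_passphrase(SAMPLE_WORDS))
```

Allowing special characters in an 8-character password adds under 5 bits, while four extra alphanumeric characters add about 24.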
Let someone else manage your passwords
Now, we can imagine it’s hard to remember all of your super-safe passwords. So why not let someone, or better yet something, else manage them: a password manager. It’s a tool that can help you keep track of your accounts, passwords, and any other form of credentials or information that you want to store securely.
Nowadays, most browsers already have an internal password manager. When they detect you logged in on a platform for the first time, they will automatically offer to save your credentials. Password managers such as Apple’s iCloud-powered solution or Google’s Chrome built-in solution can even help you access your passwords from your mobile devices.
Some password managers use cloud synchronization to make sure you don’t lose your backup. Thanks to this synchronization, you can access your passwords from any device as long as you remember the master password. Some password managers are peer-to-peer only, without cloud synchronization. Others are database-based, which means you need to manage them yourself.
Most password managers will help you perform a health check, while some even remind you to update your passwords. Password managers can also warn you when there’s been a data breach on one of your platforms. In that case, you definitely need to update your credentials.
Let’s have a look at our favorite password managers:
The ease of autofill
To make logging into your account a piece of cake, you can activate autofill. No more remembering or searching for your password, just a quick click on that button to make your password manager do the work. When you use a password manager, you can let it log in automatically by installing an app that has saved credentials for that service. The user only needs to confirm that it’s the right account (Google Smart Lock).
Most password managers are able to automatically fill in the appropriate credentials, if you teach them right. Android also has an autofill service that allows you to insert credentials in case of a match. The user has to choose which app they want to use for this autofill service. Make sure to install your password manager’s extension in your browser, so you can log in anywhere in the blink of an eye.
Check check double check
Two-factor authentication (2FA) is a service you can enable for more security. It adds an extra layer to your login by requiring extra login credentials. When you log in with 2FA, you’ll have to confirm your access request through another device. Think of a code sent to your phone or a fingerprint scan. Because 2FA adds an extra hurdle to logging in, it creates more safety. Some password managers allow you to manage 2FA for your credentials as well, but it’s safer to keep these two separate.
So under the motto “better safe than sorry”, you’d better start upgrading your password game.