
Basic Security Practices to Have

When it comes to basic security, most people think just having a password is more than enough to secure their online accounts. Well, I hate to break it to you, but that alone is not enough. As we continue further into this article, I will explain why. But first, let’s talk about passwords.

Many individuals tend to use simple passwords, particularly dictionary-based ones. What are dictionary-based passwords? They are passwords built on a word found in an actual dictionary, for example using the word 'Password' as your password. It may sound funny, but in reality many people do this, perhaps adding a special character like '!' or some numbers afterward.

Nowadays, hackers build dictionary words and their common variations into password-cracking and brute-force tools. It would usually take a hacker less than a second to crack these types of passwords.

How Do I Make My Password Stronger?

The NIST standard recommends a password length of at least 8 characters as a minimum but encourages longer passwords if possible. I personally would not recommend using that as a minimum length for a password. If anything, try using at least 12 to 15 characters with uppercase, lowercase, numbers, and special characters. I know this sounds like a lot to remember, so I would recommend you use a password manager to store your passwords. This way, your passwords can remain secure in the cloud and are accessible anywhere with an internet connection. Also, if you find it hard to create passwords of this complexity, don’t worry; most of these password managers have password generators that can create complex passwords for you.
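The two points above (dictionary words with a character or number tacked on, and the 12-character, four-character-class guideline) can be checked at the moment a password is set. The following is an added example, not code from the original article; the word list is a small constructed sample, and the names SAMPLE_WORDS, LEET, base_word and check_password are hypothetical.

```python
import re
import string

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "monkey"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("@4310$5!7", "aaeiossit")

MIN_LENGTH = 12  # the article's suggested minimum (12 to 15 characters)
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)


def base_word(password):
    """Reduce a password to the word it was built from, if any."""
    # Drop digits and symbols padded onto either end ("Password!" -> "password").
    core = password.lower().strip(string.digits + string.punctuation)
    # Undo substitutions inside the word ("p@ssw0rd" -> "password"),
    # then discard anything that is still not a letter.
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("missing character class")
    if base_word(password) in words:
        problems.append("dictionary word with padding")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("Password!", "Summer2024!!", "vT9#qLm2&Zx8rW"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that 'Summer2024!!' satisfies the length and character-class rules and is still rejected, which is why complexity rules alone do not rule out dictionary-based passwords.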

Why Are Passwords Not Enough?

Having a complex password, as mentioned earlier, helps reduce the risk of your account being compromised. However, if a hacker manages to obtain your password, they could still gain access to your online account(s). There are various methods through which hackers could obtain your password, including data breaches, session hijacking, or finding passwords written on a sticky note, among others.

What Can I Do to Be More Secure?

While having a complex password is a crucial aspect of boosting your security, setting up Multifactor Authentication (MFA) adds an extra layer of protection to your online accounts. Passwords are something you know and are stored in a database, but MFA introduces the concept of something you have. MFA is often set up on your phone through an app like Duo, Google Authenticator, Microsoft Authenticator, etc. Other forms include SMS, email, and call verification. With MFA enabled, logging in requires a code after entering your username and password. When the 2-step authentication screen appears, you can retrieve the code from your MFA app or receive it by text message, email, phone call, etc. After verifying the MFA code, you can access your online account. Without that code, no one can gain entry, significantly enhancing the security of your online accounts.
