Take 5 Steps Toward Better Password Habits

When it comes to protecting your information online, it's worth focusing on security basics. When you do the basics well, you reduce or eliminate the most common cyber threats. Top of the list: Following password best practices. Most of us know a little about password security, but we need to do more than learn about password best practices. We need to implement them. Let's review the five most critical steps you can take today to follow password best practices and how a password manager can simplify the process.

Add password complexity

You've probably heard people talk about "strong passwords," but what does that mean? Strong passwords are long, unique, and use different types of characters. As a result, strong passwords are harder to guess, take longer to crack, and generally make it much more difficult for cyber thieves to break into your accounts. Every password you create should be at least 12 characters long, but the longer, the better. Those characters should be a mix of upper case, lower case, numeric, and special characters. Some websites restrict the types and number of characters you can use, but you should make the password unique within whatever guidelines they give you. A password generator can instantly create long, unique passwords for you. It's also important to remember that passwords should never contain personal information, like pet names, family birthdays, or street addresses. They also shouldn't be a single word from the dictionary. Instead, a long passphrase that combines multiple words is better. Passphrases tend to be memorable while not being easily guessed.  A password manager can help organize all of those unique, strong passwords. A password manager stores logins in an encrypted vault and enters your credentials when accessing an account. When using a password manager, ensure your master password is a long, strong passphrase.

Keep passwords private

Don't use the same password for different accounts. Every account should have a distinct password. It's also critical to never reuse the master password you create for your password manager.  Why? When you reuse passwords, it's more likely that hackers will be able to use that password to log in to your accounts. When one website experiences a data breach, and cybercriminals post the leaked data on the Dark Web, hackers can now try your username and password combination to log in to your accounts on other websites. Password reuse is a leading contributor to hacked accounts and data breaches. Avoid sharing passwords with others, too, but if you have to, change the password when they no longer need access to the account.

Add multi-factor authentication

A layered approach to security is a stronger approach to security. For example, turning on multi-factor authentication for your accounts adds extra protection by requiring more information before granting access. In addition to a password, a user must provide a code, PIN, fingerprint, or other information to prove their identity. You can turn on multi-factor authentication for many types of accounts, including financial, email, social media, online shopping, and for access to your password manager. Multi-factor authentication can slow down or eliminate account takeovers. Even if a cybercriminal were to steal the account password, they wouldn't be able to access the account without this additional information. Many multi-factor authentication options are easy to use, especially those that rely on your smartphone to approve a login through a push notification or fingerprint swipe.

Turn on account recovery

Keeping cybercriminals out is essential, but so is getting back into your account when you lose a device or forget a password. We're human; things happen. When setting up a new account, take the time to understand your recovery options and the information you will need to provide.  For password managers, there may be additional secure password recovery options you should enable as you get started. These recovery options will allow you to prove your identity and regain access to your password vault in case of a forgotten master password or the use of a different device. 

Set up breach alerts

Over the past couple of decades, hackers have stolen data from thousands of companies. As a result of these data breaches, cybercriminals have amassed an immense trove of data on the Dark Web, including passwords, personal information, credit card numbers, bank accounts, and more. The data can be bought, sold, traded, and sometimes just posted for fun. As a result, we all need to be vigilant for data that may end up on the Dark Web through no fault of our own. Following the above password best practices will help mitigate any effects of having your data on the Dark Web. However, it's also important to stay alert to new breaches. Turning on Dark Web Monitoring informs you of security issues at other websites that may affect you. Based on the alert, you can update a password, close an account, or take other actions to protect yourself online. Few of us have the time or skill to track down our data on the Dark Web, so a monitoring service can be a critical asset in staying on top of new threats.

Take the first step to better passwords

Now that we've armed you with the knowledge of password best practices, you know what you need to do to improve your online security and how to do it.  But don't make it harder on yourself by trying to do it all manually. Getting started with a password manager helps you implement these best practices by automating many of the above steps and keeping everything organized in one place. For example, generate long passwords in one click, store passwords in an encrypted vault, turn on multifactor authentication, and enable Dark Web monitoring with a password manager.  Ready to improve your security? Get LastPass today.