10 Essential Password Security Best Practices

When you’re in any way vigilant about online security, you undoubtedly have a distinct, complicated password for each protected online resource that you just use. Also, since you’re vigilant, you may sometimes have trouble remembering passwords. But weak passwords won’t arise to security issues from hackers.

Passwords are a pain, but strong passwords are also a vital technique of defense against hackers who won’t stop at anything to achieve access to your accounts. It’s well worth the effort and time to maintain hackers off-balance with smart, extremely strong passwords that (hopefully) you possibly can still remember. 

That’s the reason as Liquid Web celebrates World Password Day coming up on May fifth, we’re sharing password security best practices, common passwords you must never use, mistakes to avoid, ways hackers gain passwords, and the one thing everyone desires to know: find out how to make a powerful password.

Listed below are the highest security best practices around find out how to make a powerful password in 2023:

Use different passwords for various accounts, so if one is compromised, the others are usually not. This can avoid attack types akin to credential-stuffing attacks, where hackers use stolen credentials on other common platforms in hopes to achieve entry.

Phrases using symbols like a smiley face “:)” as a substitute of using the word joyful, or replacing the word “to” with the number “2”. Using characters and symbols rather than letters could make your password harder to guess for hackers or brute force attack techniques.

One of the necessary password security best practices to employ is to make use of passphrases with words that don’t normally go together as a substitute of easily-forgettable, long-character passwords. Passwords like “puppy airplane eating mango” are more easily remembered and fewer prone to be hacked than “puppy running around yard.” Use at the least 4 words as a part of your passphrase.

For one of the best password security, our greatest practices recommend using at the least twelve characters of interchangeable lower case, upper case, symbols, and numbers inside your password, no matter when you use a passphrase or not. Password length is more necessary for security than using numbers, characters, or symbols alone. Password length is a number one indicator of how long it could take for a password to be cracked by a brute force attack or other hacker password-cracking algorithm.

At all times check your password strength. Most sites allow for a password analyzer to speak how strong or weak your password could also be. Listen to the analyzer results and alter your password accordingly to make it stronger.

Interested by find out how to make a powerful password? Nexcess offers a novel Password Generator tool that means that you can generate complicated passwords, generate passphrases, and even check the strength of your existing passwords easily and securely.

Passwords can still be guessed or cracked, given enough time. That’s the reason you must change your password every 60-90 days on user-level accounts. This ensures hackers using social engineering, brute force, and credential-stuffing attacks cannot use your older passwords to achieve access to your systems or data.

Employ Two-Factor Authentication (2FA), also often known as Multi-Factor Authentication. This uses a text-based or application-based authentication method to confirm your identity prior to access. Even when a hacker gains your password in some fashion, they’ll not give you the chance to access your systems without access to your phone as well.

And lastly, spend money on a password manager. Password managers use multiple types of encryption to be sure that your passwords are even harder to crack and permit you to only need to recollect one password. Passphrases are perfect to be used as your password manager master password, after which you need to use extremely difficult passwords on your other user-level accounts and systems.

One other password security best practice is to make use of a security tool akin to Have I Been Pwned to examine and see in case your credentials were included in any recent data breaches globally. This means that you can make educated decisions about which passwords might have to be modified immediately.

Never use your first name, last name, age, birthday, phone number, address, checking account, or some other sensitive personal information as a part of your password. Don’t even use your dog’s name or your favorite travel spot. Doing so makes social engineering attackers’ jobs easier; most of this information is accessible in your Facebook account, which is public information.

Probably the most commonly used and worst password in 2023 was “123456.” Other common passwords included “123456789,” “qwerty,” and even “password.” And don’t think for one minute that password1 is an entire lot higher.

Anyone using any of those passwords is just begging to be hacked. Hackers are all over the place, they usually are continually in search of password vulnerabilities to attack.

To guard your passwords, listed below are eight common password mistakes to avoid:

1. Consecutive keyboard combos, for instance, “zxcvb” or “qwerty.”
2. Trending slang phrases or words spelled backward.
3. First name, family name, or names of your spouse or kids.
4. No personal information, like your birthday or age.
5. Never recycle old passwords, use passwords just once.
6. Don’t use the identical password for each account you possess.
7. Don’t let anyone watch you enter your password.
8. At all times log out of your account when you leave your computer around or are on a public network.

These are all great helpful hints to maintain you away from being hacked, which may often result in a fair worse turn of events, like identity theft or data theft/loss.

Brute force attacks are when hackers attempt to overpower your defenses, attempting combos of usernames and passwords with software that recombines English dictionary words with hundreds of variations in an try to access your website.

While WordPress is the most well-liked CMS, and subsequently essentially the most targeted for brute force attacks, other CMS platforms, and login systems are also vulnerable to attack.

Avoid the default “admin” name for WordPress and other login systems. Hackers will at all times try using “admin.”

Also, don’t use common names and even your website name because the username. As tempting because it is to think a hacker won’t give you the chance to spell your difficult last name, he/she will at all times cut and paste it from one other source.

Social engineering is a malicious tactic hackers use to control their targets into divulging sensitive and confidential information. Social engineering can occur across many alternative platforms, including email, social media, and even the phone. Social engineering, when paired with spear phishing, could be extremely effective to unwary targets that are usually not looking out.

All the point of social engineering attacks is to achieve confidential information that may very well be used to achieve access to systems, steal data, or steal your identity.

Website logins could be set to have either unlimited or a set variety of login attempts. It never hurts to limit the variety of login attempts you possibly can make to access your site. Not only will this eliminate the specter of brute force attacks, however it keeps hackers from attempting to access their site through manual password entry from socially engineered attacks.

When you are using WordPress, you possibly can download a plugin to do that for you, and even whitelist/blacklist specific IPs for access/denial of access. This manner, you possibly can make sure legitimate users can access your site while malicious hackers cannot.

So, all of this discussion around password security best practices is great and grand you say, but how do you have a good time World Password Day? 

Start by checking your most-used account passwords:

• Do these passwords meet minimum requirements against a password checker for strength? If not, change them now.
• Have these passwords been included in an information breach? If that’s the case, consider the ramifications and if some other accounts are in danger.
• Are these passwords used on other user-level accounts? Do any of those accounts have bank information tied to them or other sensitive information? If that’s the case, change all of those passwords as soon as possible.
• Have these passwords been shared with anyone else, internally or externally? If that’s the case, change the passwords now.
• Are you using 2FA or a password manager? If not, start by asking your IT manager if the organization has a advisable password tool. If not, Liquid Web has a listing of password managers to examine out. You may even use some at no cost.

Take the time to reply these questions and also you will probably be well in your approach to implementing password security best practices.

The above password security best practices will aid you further secure your site. Granted, thorough password protection isn’t a fast task, however it’s well worth the effort and time to maintain hackers off their game while safeguarding your site and customer data from theft.