Security best practices to keep passwords safe in 2022

Keeping passwords safe is critical, especially considering the increasing number of cyberattacks worldwide. We have passwords for many of our daily activities: social media, emails, bank accounts, etc. Therefore, using strong passwords must not be optional, as it is the simplest way to protect our devices and information.

Let’s see the best practices to keep passwords safe in detail!

Best practices and rules for a strong password

Use at least 15 characters

Creating long passwords, of at least 15 characters (whenever possible), minimizes the risk of cyberattackers breaking into your devices and accounts. Short passwords are easier to crack.

Password length is one of the most critical factors to keep passwords safe from brute force attacks.

Never use personal information

It is also important to avoid passwords that might be easily guessed. Never using personal information (such as hometown, birthday, phone numbers or addresses) is a simple, basic way of keeping passwords safer. Moreover, you should also avoid using real words, such as proper nouns or dictionary words, to prevent cyberattackers from cracking your passwords using malicious software.

Combine letters, numbers and symbols

Randomly combine upper-case letters, lower-case letters, numbers and symbols to create stronger passwords. Besides, you should also:

  • Avoid using sequential numbers or letters, such as “123456”, “abcdef” or “qwerty”.
  • Avoid using common substitutions, such as replacing “PASSWORD” with “P455W0RD”.
  • Opt for rarely used symbols such as curly brackets {}, square brackets [] or parentheses ().

Placing characters randomly is one of the most effective ways of keeping passwords safe from a cyberattack.

These tips might seem obvious but, according to a research study by NordPass, these were the top 10 most used passwords in 2021 around the world.

Top 10 most used passwords in 2021

Position   Password
#1         123456
#2         123456789
#3         12345
#4         qwerty
#5         password
#6         12345678
#7         111111
#8         123123
#9         1234567890
#10        1234567
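The rules above can be checked mechanically. The following is an added example, not code from the original article: a small checker that reports which of the article's rules a candidate password breaks. The `WORDS` set and the `LEET` substitution map are constructed assumptions standing in for a real dictionary or breached-password list.

```python
import re

# Top 10 most used passwords in 2021, as listed in the table above.
TOP_10 = {"123456", "123456789", "12345", "qwerty", "password",
          "12345678", "111111", "123123", "1234567890", "1234567"}

# Common substitutions undone before the word check (assumed mapping).
LEET = str.maketrans("4@3150$7", "aaeisost")

# Constructed stand-in for a real dictionary or breached-password list.
WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}

# Runs that are guessed first: alphabet, digits, keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw, run=4):
    """True if pw contains `run` characters in a row from a known sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, min_length=15):
    """Return the list of rules from this article that pw breaks."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if pw.lower() in TOP_10:
        problems.append("top-10 password")
    if has_sequence(pw):
        problems.append("sequential characters")
    plain = pw.lower().translate(LEET)  # "p455w0rd" -> "password"
    if any(word in plain for word in WORDS):
        problems.append("dictionary word")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing character class")
    return problems
```

An empty list means the password passes every rule in this sketch; it does not replace a check against a real breached-password list.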

Pick the first initials in a phrase

Creating long and complex passwords sounds good, but keeping track of all of them can become overwhelming. So, a tip for creating strong passwords that you can easily remember is to take the initial letters of a phrase that means something to you.

For instance: “My first trip to Japan with Maya back in May 1990 was unforgettable”.

So, the password would be: “MfttJwMbiM1990wu”.

This method is known as “the sentence method” or “the Bruce Schneier Method”.

Use a password manager

Considering the large number of accounts and devices we use, creating and managing long, complex passwords can become truly overwhelming. So, using a password manager to generate stronger passwords and store them safely can be helpful. Besides, password managers usually suggest strong passwords when creating a new login.

To generate strong passwords, you can also use a random password generator. For example, some of the top browsers nowadays include strong password generation and password management tools.
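As an added example (not from the original article), this is how a random password generator can be built on Python's `secrets` module, together with the arithmetic behind the 15-character advice given earlier. The guess rate of 10 billion guesses per second is an assumption chosen for illustration.

```python
import math
import secrets
import string

# Character pool: letters, digits and Python's punctuation set (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def generate_password(length=15):
    """Random password containing at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry whole candidates so no position is forced to a fixed class.
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def entropy_bits(length, pool_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(pool_size)


def years_to_exhaust(length, guesses_per_second=1e10,
                     pool_size=len(ALPHABET)):
    """Years needed to try every password of this length (assumed rate)."""
    seconds = pool_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)
```

At the assumed rate, the full 8-character space is exhausted in about a week, while the 15-character space takes on the order of a trillion years.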

Never reuse or duplicate passwords

Never reuse the same password for different logins. This is particularly important when protecting devices or accounts where you keep sensitive information.

Having unique, complex passwords is easier using a password manager.

Use two-factor authentication

Whenever possible, use two-factor authentication, also known as multi-factor authentication, to further protect your accounts. Multi-factor authentication adds an additional layer of protection.

Be aware of password-cracking techniques

Being aware of the methods cyberattackers use to break into an account or device is helpful to outsmart attacks. By understanding how passwords get hacked, you can also better understand the best practices to have strong passwords.

Cyberattackers use diverse techniques to hack passwords:

  • Brute force attacks. These consist of a “trial and error” method. Cyberattackers enter all common passwords until one works.
  • Dictionary attacks. These consist of trying all dictionary words in order to crack a password.
  • Rainbow table attacks. These consist of using precomputed lists of password combinations together with their associated hashes.
  • Phishing scams. These consist of tricking, intimidating or pushing a user into doing something through social engineering.

Change passwords periodically

There is no need to change passwords every month, but regularly modifying your passwords is a good technique to stay one step ahead of cyberattackers.

Additional password security best practices

Beyond the best practices to create strong passwords, you can also protect your logins by following these additional security tips:

Use a VPN when connecting to a public Wi-Fi

When connected to a public network, use a VPN to make sure nobody can intercept your credentials.

Choose hard-to-guess security questions

When signing in to a new website or app, choose hard-to-guess security questions. Besides, make sure the answer to the security question cannot be found in your social channels.

Do not share passwords with anyone

Last but not least, and even though it might seem obvious, do not share your passwords with anyone, not even your family.

According to Check Point, in 2021, there was a 50% increase in overall cyberattacks per week on corporate networks, compared to the previous year. So, remember, keeping your passwords strong and safe is the first step to avoid being a victim of a cyberattack or data breach.

Sources: NordPass and Check Point.
