Creating a Secure PasswordFirst, the simpler a password is, the easier a hacker is able to gain access. Using a program that cycles through and tries every combination of letters and characters, the difficulty and complexity of your password merely prolong the inevitable right combination. The most common passwords like “123456,” “password,” “football,” and “letmein” are cracked instantly. To create a difficult password, you need to use at least 16 characters with a combination of upper and lower cases, numbers and symbols. It’s also important to avoid things like dictionary words, personal information, usernames or IDs, and anything that’s obfuscated with simple algorithms like backward spelling or words with punctuation in between. Additionally, it’s bad practice to use the same password across multiple accounts. Even though 61 percent of people admit to doing so, reusing a password means that when one company has a data breach, your other accounts are then compromised, as well.
Keeping It All StraightSecond, now that we have established the need for so much complexity in our passwords, how can we keep it all straight to make sure we are achieving the highest security possible? A great tip is to use a phrase or sentence as your personal keycode. For example, the password “T5&[email protected]&ASt.s” could be remembered using the keycode, "The 5-and-10 is at Main and Ash Streets." A sentence is, of course, much easier to remember than a set of characters. As for keeping passwords straight across multiple accounts, many experts recommend using password managers to secure all your passwords. This means you’ll only have to remember one highly secure password, and then you’ll have access to all of your account information.
Additional Security StrategiesThird, it’s important to remember that your password is only as strong as the service’s security, so avoid using services that have bad security. As an example, for a company that uses a plain-text storage system, your password is easily accessible if the site gets hacked. Look for services that use password encryption, such as hashed passwords with salt or slow hash.
Using Multi-Factor AuthenticationFourth, implementing a two-step verification process that does not solely rely on your password adds an extra layer of security to your accounts. In this process, a one-time random security code is sent via a SMS message, a phone app, an auxiliary device like a token or smart card, or a secondary email address. Although it may be cumbersome to have an additional step before accessing your accounts, multi-factor authentication means that a hacker would need both your password and the one-time security code to access your account. Access to your account is, therefore, not achievable through a brute force attack.
Biometric SecurityFifth, you can amplify your security practices by implementing biometric authentication. Rather than using a security code from an SMS message, biometric account access is only granted by something that is unique to you, such as your fingerprint, your face, or your voice. Thanks to current cell phone technology, this is easier than ever before to implement. Cell phone touchscreens can double as fingerprint scanners, and webcams or phone cameras can become facial recognition devices. The advantage of biometric security is that it reduces any challenges for the user. When security teams implement more advanced security procedures that are increasingly complex, users will typically look for shortcuts and workarounds in order to easily access their accounts. Biometrics are easy to use and therefore are met with less frustration. IEEE member Diogo Mónica explains, "As a security community, we're finally realizing that having unusable security is akin to having no security at all.” Millions of companies have already implemented biometric security, including Bank of America, JPMorgan Chase, Citigroup, Wells Fargo and PNC. A Bank of America spokesperson said, “Fingerprint ID was the No. 1-requested feature from mobile users before we introduced it.”