October is National Cyber Security Awareness Month (NCSAM), which means it’s time to talk about passwords for the umpteenth time. Why beat this dead horse again? Because just about everyone still uses passwords, and even the most recent password security recommendations do not make them any stronger.
This year, the recommendation was eight characters — but how many people actually think an eight-character password is sufficiently secure? The majority most likely only use one because they have been told that a password with eight characters is stronger than one with six.
Sorry to be the bearer of bad news, but the truth is that eight characters are not enough.
How to Truly Strengthen Your Password Security
While these findings are alarming, there are several simple actions users can take to truly strengthen their password security:
- Ensure that all the passwords you use across websites are unique. This is the first and most important step you should take.
- Use a password manager to track and change passwords between sites and systems.
- Use fake information for password reset questions and birthdates and ensure this is stored in your password manager.
- Use passwords that are 12 characters or longer. Since most of us remember eight-character passwords, why not bring together two of them? Ensure this password is used for your password manager.
- Change your passwords at least annually, but preferably quarterly, and absolutely after any notification of a breach.
- Back up your passwords. Keep an off-site hard copy that is protected in case a cloud service fails.
- Ensure that all passwords in your password manager are randomly generated (most password managers include this functionality).
- Change the password to your password manager at least annually or whenever it has been compromised.
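Several items on this list (unique passwords, 12 characters or longer, changed at least annually) can be checked mechanically against the contents of a password manager. The script below is an added example, not part of the original article; the `site`/`password`/`changed` record layout, the `audit_vault` function and the sample entries are constructed assumptions, not the export format of any particular product.

```python
from collections import defaultdict
from datetime import date

MIN_LENGTH = 12        # "12 characters or longer"
MAX_AGE_DAYS = 365     # "at least annually"

# Constructed sample entries; the (site, password, changed) layout is an
# assumption, not the export format of any particular password manager.
SAMPLE_VAULT = [
    {"site": "mail.example", "password": "Tr0ub4dor", "changed": date(2023, 1, 10)},
    {"site": "bank.example", "password": "q7#Lm2vX9p!dZr4k", "changed": date(2024, 9, 1)},
    {"site": "shop.example", "password": "Tr0ub4dor", "changed": date(2024, 8, 15)},
    {"site": "forum.example", "password": "hV3$yN8wQe1&uT6s", "changed": date(2022, 5, 2)},
]


def audit_vault(entries, today):
    """Return {site: [findings]} for entries that break the checklist."""
    # Group sites by password so reuse across sites becomes visible.
    by_password = defaultdict(list)
    for e in entries:
        by_password[e["password"]].append(e["site"])

    findings = defaultdict(list)
    for e in entries:
        site = e["site"]
        others = [s for s in by_password[e["password"]] if s != site]
        if others:
            findings[site].append("reused on " + ", ".join(sorted(others)))
        if len(e["password"]) < MIN_LENGTH:
            findings[site].append(f"shorter than {MIN_LENGTH} characters")
        age = (today - e["changed"]).days
        if age > MAX_AGE_DAYS:
            findings[site].append(f"unchanged for {age} days")
    return dict(findings)


if __name__ == "__main__":
    # Fixed audit date so the sample output is reproducible.
    for site, issues in audit_vault(SAMPLE_VAULT, date(2024, 10, 1)).items():
        print(site, "->", "; ".join(issues))
```

Entries that pass every check, such as `bank.example` in the sample, do not appear in the result.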