Password Protection: My Mother’s Maiden Name Is…


How many of us use a variation of the same password for multiple accounts? How many have Post-it notes filled with passwords stuck to a desk and/or laptop? As we’ve mentioned in an earlier blog in this series, identity protection and cybersecurity go hand-in-hand – and good data security and identity protection practices often start with how both are being kept safe and secure from unauthorized use/access. Using the same password – even if an individual changes a couple of letters/numbers for the new password – and sharing PII online are risky digital behaviors that will leave your customers exposed to potential cybercrime and identity theft and/or identity fraud. That is why we’ve created the following list of tips to help your customers implement better password hygiene.

Say No to Recycling Passwords

As tempting as it is for your customers to reuse the password they had for their first ever email account, we highly recommend they don’t. Advise your customers against recycling the same 1-3 passwords across multiple accounts, and instead, recommend using completely different passwords for all accounts. Passwords and/or login credentials are oftentimes leaked as part of a data breach, which helps contribute to hackers using a technique called “credential stuffing.” This is when hackers take user login credentials from a data breach and try to “stuff” those credentials into the login page of other digital services. If the same password is used across multiple accounts, they now have access to all of them. So using varied and unique passwords for digital accounts will help protect your customers if a hacker is able to compromise even one account.

Let’s Go Long When it Comes To Password Length

When creating new passwords, the longer the password is, the better your customer’s chances are of not falling victim to identity fraud. We recommend passwords be over eight (8) characters long, with a mix of numbers, upper and lowercase letters, and special characters – with the numbers and symbols spread throughout the password instead of bunching them together. Your customers should also avoid including information like birthdays, phone numbers, and especially their social security numbers, as hackers will often use that information to help them guess a password.

MFA All The Way

Multi-Factor Authentication (aka MFA) is a great way to help deter hackers from obtaining access to digital accounts. The simplest type is two-factor authentication (2FA). 2FA not only requires the user’s password, but will also send either a unique code or number via text/email to the user as an added layer of security. So even if a hacker is able to obtain the password to one of your customers’ accounts, 2FA helps prevent the account from being compromised. This is just another preventative measure your customers can start using for the online accounts that support the security feature.

Password Storage is Key

Your customers should strongly consider how and where they’re storing their passwords as well. And despite there being a multitude of ways to use sticky notes, we do not recommend your customers use them as a means to remember/store their account login credentials, especially if they are left out in plain sight. Instead, recommend that they store them in a secure (i.e. password protected) digital file on a home desktop or laptop that no one besides them uses, and that also has antivirus software installed on it. If they are wary of using digital password protection tools, recommend that they at least keep any written passwords in a locked place that only they have access to, and that the passwords are not labeled as such (e.g. password for bank account, password for Facebook, etc.).

After a Data Breach, It’s Time for a Change

As mentioned above, user login information is often part of the data compromised in a data breach. Once a data breach has been disclosed to the public, consumers should immediately update that account’s password to help thwart identity theft.

Those are only a few ways to implement good password protection hygiene, but once put into practice, your customers will be well on their way to practicing good identity protection and cybersecurity habits.

Looking for even more #BeCyberSmart tips & tricks? Follow us on Twitter, LinkedIn, and Facebook, and check out our other 2019 NCSAM blogs!