Do’s and Don’ts of Password Hygiene


By: William McGraw

Keys let people into something they own or manage and keep out people who do not belong. The same holds true for the passwords to our online accounts: they keep hackers on the outside. Most of us wouldn’t want a burglar to walk into our house and take our belongings, so we keep our keys safe. The same should apply to our online keys (passwords), yet many people still use passwords like “Password123”, which makes a hacker’s job easy. Let’s go over some of the Do’s and Don’ts of password hygiene.

Don’t Use Easily Guessable Passwords

When creating passwords, we must make them long, strong, and unique for each account. This makes it more difficult for hackers to gain access to your account by guessing or brute forcing your password. Brute forcing is when a hacker uses a tool to run through possible passwords until one gains access to an account; a common variant uses a “dictionary” of simple and previously compromised passwords instead of every possible combination. A long, strong, and unique password helps defend against both. An example is shown below, where a dictionary called “rockyou.txt”, which holds over 14 million previously compromised passwords, is used to brute force an account.

A successful brute force attack against a user named Jan

Don’t Reuse Passwords

Many people have that one password they use for everything, but this brings more trouble than they may think. Let’s follow the story from the image above and say the attacker was able to find your password “armando”. After gaining access to that account, the hacker’s next thought may be: where else can I use this password? With some reconnaissance, a hacker may find other websites you use, and if you are using the same password there, they can gain access to every account that shares it. Using a unique password for every website or application prevents one compromised password from handing a hacker every account.

Do Use A Password Manager

Keeping a long, strong, and unique password on every account can be difficult, but there is a solution. A password manager securely stores all of your passwords and can generate long, strong, and unique passwords that you don’t have to remember. This allows you to better defend your accounts and keep your keys unknown to hackers.

Do Use Multi-Factor Authentication

Turning on Multi-Factor Authentication (MFA) on every account that supports it helps protect the account even if the password is compromised. If your password is compromised, a hacker still needs the other form of authentication, which blocks their access. This gives you time to go into the account and change the password while it stays secure. Wherever it is available, enable MFA on each account to better protect it.

William McGraw
Cybersecurity & Compliance Specialist
CompTIA Security+, CompTIA CySA+, CompTIA PenTest+, eJPTv2