Even though you’ve followed the rules of creating a secure password, the fight for digital security doesn’t end there. Account security must be maintained. With the multitude of existing threats, it’s more important than ever to be vigilant with your password security. After all, you don’t want to have advanced door locks installed on your house, only to give the keys away to a stranger.
In order to maintain your digital security, follow these five rules for keeping your password secure.
1. Change Your Password
Regularly changing your password ensures that if someone has gained access to your account, it won’t stay compromised. It’s a safety net.
A general rule of thumb is to change the password on your primary accounts more frequently than secondary accounts that have less critical information. However, if you become aware of a data breach, virus, malware, or spyware, whether with your account provider or on one of your accessed devices, it’s especially critical to change your passwords on your vulnerable accounts and any associated accounts.
Notably, new research shows that changing passwords too frequently can be harmful to one’s digital security. Carnegie Mellon computer science professor Lorrie Cranor reported that passwords changed too frequently often fall into predictable patterns, such as incrementing numbers. This predictability limits any security advantages gained from changing your passwords. “With a strong password, there is little to be gained having to change it every few months,” said password security expert and author of “Perfect Passwords” Mark Burnett. While changing passwords is an important part of security, there’s no need to go overboard.
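The predictable pattern described above can be caught when a password is changed. The following is an added example, not part of the original article: a check that flags a new password derived from the old one by bumping a trailing number or swapping trailing symbols. The function names, labels and sample passwords are constructed for illustration, and the check assumes the old password is available in plain text at change time (as it is when a change form asks for the current password).

```python
import re


def split_suffix(password):
    """Split a password into (stem, trailing digits, trailing symbols)."""
    # The lazy stem lets the digit and symbol groups claim the end of the string.
    m = re.fullmatch(r"(.*?)(\d*)([^\w\s]*)", password, re.DOTALL)
    return m.group(1), m.group(2), m.group(3)


def rotation_pattern(old, new):
    """Return a label for the predictable change detected, or None."""
    if old.casefold() == new.casefold():
        return "same password or case-only change"
    o_stem, o_num, _ = split_suffix(old)
    n_stem, n_num, _ = split_suffix(new)
    if o_stem.casefold() != n_stem.casefold():
        return None  # different stems: not a simple rotation
    # Same stem and the trailing counter moved by exactly one.
    if o_num and n_num and abs(int(n_num) - int(o_num)) == 1:
        return "incremented counter"
    # Same non-empty stem, only the digits/symbols at the end changed.
    if o_stem:
        return "same stem, new suffix"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old, new); none are real credentials.
    samples = [
        ("Summer2023!", "Summer2024!"),
        ("Spring9", "Spring10"),
        ("Hunter", "Hunter1!"),
        ("correct-horse-battery", "tulip-anvil-orbit-9"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_pattern(old, new)}")
```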
2. Avoid Letting Your Computer Remember Passwords
Of course we all know that when you’re on a public computer, you should never let the web browser remember your password during the login process. The obvious risk is that the person who uses the computer after you then has access to all your information.
But even when you’re using your personal device, it’s still a good idea to not allow your browser or app to remember your passwords. Having a complex password for your account doesn’t do any good if the malicious party just needs access to your computer to gain entry to every one of your accounts.
An enterprise solution that offers both the convenience of easy login access and the security gained from not storing passwords is an identity management tool such as Single Sign-On. Not only does implementing SSO help your business achieve IT compliance, but it also automates and synchronizes user logins to make the login process easier and more secure.
3. Securely Store Your Passwords
Having complex passwords across a number of accounts and changing them regularly has made password management increasingly complicated.
Users need a secure and reliable system to keep track of their passwords. This could be a password manager tool, a protected file on a jump drive, or a handwritten note that is completely unhackable because it is analog. A reliable system for tracking passwords enhances personal digital security.
Yet on an enterprise level, password management is also cumbersome. Even with a password management process, it’s inevitable that password resets will occur. In fact, password resets are the #1 help desk request. Not only is it annoying for the user to have to call the help desk for password resets, it is costly to your business. With Avatier’s Password Station, users can reset their passwords themselves, reducing help desk calls by 30%.
4. Use Two-Factor Authentication
Two-factor authentication can prevent a hacker from gaining access to your account, even if your password is compromised.
Wired says of two-factor authentication, “It’s starting to feel like a security blanket, an extra layer keeping your data safe no matter whether your password is as strong as 8$&]$@I)9[P&4^s or as dumb as dadada.” The idea “is to test someone’s identity based on something they know (like a password) and something they have (like their phone or another device),” explains the writer.
By receiving an SMS message via your phone, you are adding an additional layer of security to your accounts. However, to combat targeted and sophisticated attackers who exploit vulnerabilities in cell phone technology and use techniques such as swapping SIM cards, experts recommend more secure two-factor technology, such as apps like Google Authenticator or an RSA token.
5. Be on the Alert for Phishing Attempts
Increasingly, scammers are using sophisticated impersonation techniques to trick users into giving away important information. They send messages that combine a trusted logo, such as your bank’s, with an emergency warning and a link to a spoof website, and users unwittingly hand over their credentials. Phishing emails can also appear as false business emails that get your system locked by ransomware. Or it could be a casual message from friends or family with a link that contains a worm, as was the case with the recent attack that spoofed Google Docs and gave hackers access to users’ accounts.
The FTC recommends you be cautious when opening attachments or clicking on links in emails. If you get an alert email from a company whose product or service you use, such as your bank, search for that company’s website to be sure you’re getting the correct login page and the correct phone number. It also recommends making sure that your software is up to date to prevent system vulnerabilities as well as to keep a backup of your files on an external drive or in cloud storage.
Digital security is complex and ever changing. With Avatier Identity Management solutions, you are protected with security standards that are designed to exceed military standards. Learn more at https://www.avatier.com/.