Using secure, random passwords rotated frequently is the best way to secure your online presence.
Choose the preferred settings of your choice based on the characters you need in your password. Specify the length of your password by selecting the amount of characters (alpha, numeric, or symbols) you need for your secure password. The strength of the password is dependent on its level of unpredictability, length and complexity. Using complex passwords will effectively guard against an attacker guessing it or brute-force attacks, hence lowering the risk of a security breach.
If available, it is always a good idea to use 2FA (2 factor authentication) or MFA (multi-factor authentication). Don't use easily guessed passwords to avoid common password mistakes, pins or passphrases such as password123, p@ssword, 123456. Avoid using your personal information such as birthdays, address, city, state, or pet name. It is never a good idea to used popular phrases, song lyrics, movie titles, or quotes as your password.
Protecting and securing your personal information is your responsibility, which is becoming more difficult as technology advances. More advance software used on powerful computer systems are now able to hack passwords in much less time than ever before. This means that more steps have to be taken to secure your data to ensure your accounts are not compromised. With the implementation of 2FA or MFA on user accounts, extra security is guaranteed which reduces the risk of hackers gaining access to your account.
Hackers are now more resourceful than ever using social engineering, phishing, malwares, key loggers, bruteforce attacks, data breaches, credential stuffing and hash cracking to gain access to online users accounts. There are tons of free tools all over the internet that can be used to carry out such attacks. Depending on the Operating System (OS) or website you use, the method in which you are able to use to secure your account might differ.
The amount of time it takes to guess a users password has become easier for hackers in recent years through the use of more advanced password hacking software to gain unauthorized access to a victims computer system both locally and remotely. Using a password that is not easy to hack is very important and ultimately the best way to prevent such attacks. The password length is also very important in this process. A combination of uppercase, lowercase, numbers, symbols with 12 characters or more will give you a better chance at avoiding your password from being compromised.
When creating a safe password, it's always a great idea to use at least 12 or more characters. Long easily memorable passwords are recommended over short complex ones.
It's recommended to use uppercase, lowercase, numbers, and symbols like "!, $, #, @"
Always try to avoid using any personal information, dictionary words, birthdate, address, phone numbers, common or guessable patterns.
It is never safe to reuse passwords for multiple accounts, one password to each of your accounts is recommended.
Using passphrases is another way of remembering long passwords by putting unrelated words together to form a memorable phrase.
Updating your secure passwords regularly is one of the best ways to prevent your accounts/sensitive information from being hacked.
Memorizing multiple passwords takes a lot to remember across multiple user accounts. This is where a password manager is recommended. Password managers essentially will automatically update your stored passwords, keep them encrypted, and allow multi-factor authentication for access. Modern web browsers will remember you passwords for you and use autofill when necessary.
The strength of your passwords is what determines how many tries an attacker has before they can gain access to your account.
Use strong passwords with effective security protocols in place will undoubtedly lower the risk of a security breach.
Restricting failed password attempts by implementing a failed password entry time-out system is another way of effectively securing your system from a password breach.
Using password generation programs to create passwords are normally hard to remember and so people often times fall in to the temptation of creating their own passwords based on their lifestyle and or individual qualities.
The more random the password the better.
It's always best to avoid using the same password twice across multiple user accounts or systems.
Character repetition, specific keyboard patterns, word or number sequence is not recommended.
Using publicly accessible information associated with user accounts such as names or dates is not recommended.
Never use people you know, colleagues, pet names or aliases to associate with user accounts.
Never share passwords with anyone, not even your friends or family members.
If you need to send passwords, make sure the communication is reliably secure, never send passwords by email nor instant messaging.
Always go directly to the official website of your bank or any other service you are trying to access, do this from your own created bookmarks or by typing the web address yourself.
Use only trusted links when accessing websites. Phony attachments or links are often used by scammers to imitate a company's communication to trick unsuspecting persons in to clicking these links or attachments. Never click links or attachments that appear in unsolicited messages, social media or emails.
You should always change password immediately for any user accounts that are suspected of being compromised.
Use different password for each website account you own. If your information is stolen from one website, hackers will try to use those credentials of other popular websites, like banking, social media, online shopping, etc. This method is very common and is referred to as Credential stuffing attack.
Phishing scams and social engineering are common where potential victims receive email messages that appears to be from legitimate online stores (like Amazon or eBay) or receiving a phone call from your bank trying to persuade you to give up you password and other sensitive information.
Multi-factor authentication (MFA) should be used whenever available. MFA requires both a password and a one time code generated by an app (like Google Authenticator). The one time code generated from the authenticator app adds an extra layer of security in case your password becomes compromised.
Be on the alert for anyone who might be requesting sensitive information from you, even if it is from someone or a company you know and trust. In other words, a crook could have hijacked a friend or company's account and sent out an email to everyone in the address book. Therefore, you need to treat these requests with caution.
Never ever share your password in response to a SMS message, email or phone call asking you to verify your identity, even if it appears to be from a friend or trusted company. Criminals will try this method to gain your password because it's easier to exploit and trick you into revealing such information.
Writing down your passwords is ok as long as you keep them in a secure location and away from places where the passwords actually protect.
Do not use words that can be found in a dictionary.
Do not use dictionary words with letters replaced by numbers (e.g., passw0rd)
Avoid using repeated characters or a series of characters (e.g., AAA or 123456)
Avoid using a series of keyboard characters (e.g., asdfg, qwerty)
Keep passwords secure by changing them at least every three to six months.
Avoid saving your password on a public computer that is used by more than one person (e.g., library computer)
Always take advantage of the last security measures set in place on any system you use to keep your account as secure as possible.
Make sure the websites you use to transfer any kind of information over the internet uses Hypertext Transfer Protocol Secure (HTTPS).
Before signing up or logging in on any website or remote resource, make sure it uses a secure protocol.
Delete emails or text messages immediately that gives you a link offering some form of promotion or prompting you to log into an account.