Best Practices For Secure Passwords

Choosing a new password can be a difficult task, especially when most security experts recommend different passwords for different accounts because of the risk of leaked data being applied elsewhere. For example, a hacker might use a file of leaked login credentials to access a critical account like a bank account. With so many passwords to keep track of, it’s no wonder that so many of us go the route of basing our password off of personal things like pet names or important dates. While simplicity is the easiest route for memory, it can put you at greater risk for what’s known as brute force hacking, which is when a computer-run program uses trial-and-error to crack passwords. Simple passwords, especially those with sequential numbers or common names or phrases, increase risk. To decrease your risk of having your information stolen, it’s important to ensure that your accounts and your passwords are strong, complex, and secure.

Follow our do’s and don’ts to creating more secure passwords and protecting your privacy:

Secure Password Do’s

• Do use a combination of uppercase and lowercase letters, special characters, and numbers. It is best practice to include at least three of these options in your passwords.
• Do make sure your passwords are between 8 to 20 characters long. The longer a password is, the better.
• Do enable touch ID. If your Smartphone offers it, advanced fingerprint security is the most secure and unhackable form of login.
• Do log out of your online accounts after using them. Leaving yourself logged into your accounts, even if it is on your personal phone or computer, does not ensure that you will be the only one to access it. Logging out each time, and therefore having to log back in, is also a great way to help you remember your passwords.
• Do use two-factor authentication (also known as two-step verification or 2FA) whenever possible. This provides an additional layer of security by requiring two login methods for the account. Even if a hacker does uncover your password, they will not be able to access your account without the verification code or login confirmation that was sent to your personal device.

Secure Password Don’ts

• Don’t use commonly used passwords such as ‘123456’ or the word ‘password.’
• Don’t use the same password for all of your online accounts. While this is the easiest route, and you are less likely to forget your passwords, using the same password on multiple accounts makes it that much easier for hackers to take over all of them at once. If one account is compromised, you want to ensure that the others are not at risk.
• Don’t use words, phrases, or numbers that can be easily guessed or found on your social media accounts. This includes birthdays, phone numbers, important dates, names of pets or children, etc. Anything that can give a hint to a hacker is best to avoid.
• Don’t reveal your password to others. Unless it is an account that you share with a trusted individual, it is best to always keep your passwords to yourself.
• Don’t periodically change your password if it presents a struggle for you. While it used to be recommended to change your passwords every 60-90 days, privacy experts have found that encouraging people to change their passwords frequently resulted in the creation of simpler, easier to crack passwords, shared across accounts. If you have a secure password, and do not suspect that it has been exposed, you can keep that password indefinitely.

Fake Login Pages

When it comes to your online login information, you should be aware of fake login pages. Fake login pages are essentially a lookalike of a real login page that is used to trick users into entering their login credentials, which hackers can then use to access their online accounts. These fake pages mirror legitimate websites by using logos, fonts, colors, and formatting that can be nearly identical to a legitimate login page.

These pages get in front of consumers through online phishing scams. Scammers will target recipients with spoofed emails or text messages from a trusted brand, enticing users to click on links by stating that they need to reset their password, have won a prize or money, the user must verify account information or lose their property, and more. The link will then connect the user to a fake login page where cybercriminals are waiting to steal your account information.

Knowing how to spot a phishing scam and avoid clicking on an unreliable link is important in ensuring that your login credentials are not stolen or tampered with by hackers. See the Piscataqau Savings Bank ‘How to Spot Fraud’ blog to familiarize yourself with common scams.

Password Managers

While virtual password managers may seem like a great solution, they can present considerable risk. It is best to avoid storing a password on any online platform, including the auto-save option that pops up on your browser when entering your login credentials for the first time. Online password managers are not nearly as secure, and are considerably more susceptible to hacking, than encrypted password managers.

Legitimate and secure password managers act as an encrypted digital vault to protect and store your login information, typically coming in the form of a downloadable application. In addition to organizing, storing, and synchronizing your passwords, some managers offer password generators to help you create strong alternative passwords if yours is weak, or if you are using the same password on multiple accounts. Similarly, many password managers offer a master password, PIN, or fingerprint authentication to autofill login forms online.

While some of these apps are free, the majority require a one-time purchase fee or a subscription. Reputable password managers include: 1Password, Dashlane, LastPass, and Bitwarden (which is free!).