The Most Asked Questions – and Answers – About Password Security

Sep 30, 2021 | Uncategorized

Password security doesn’t have to be as difficult as we often believe. Don’t get us wrong: It’s a critical issue for businesses and individuals. Yet, by following a few tested practices, you can maintain a high level of security to help protect your data, as well as that of your employees and clients. That said, to help you “up your password game,” we’ve answered below the most frequently asked questions we get on the topic, including how to manage what seems an ever-growing hoard of those passwords. If, however, you don’t see the information you’re looking for, feel free to contact us at Sawyer Solutions. We’ll be happy to help.

What Makes a Strong Password?

Most websites and apps already have several password requirements in place that help strengthen security. You’ve no doubt seen many of them, including the need for passwords to contain a combination of uppercase and lowercase letters, as well as at least one number and symbol. Still, there are a few other DOs and DON’Ts that are good to remember:

  • DO use longer words or phrases that will be memorable to you, such as a series of 3 or more words that don’t normally go together, ex. correcthorsebatterystaple
  • DO use a combination of letter cases, symbols, and numbers to make the password harder to crack, which is the reason most services require them in the first place.
  • DON’T use overly common words such as “password,” as these can be easily guessed.
  • DON’T use widely known or easy-to-find personal information, such as your last name and the year you were born.
  • DON’T rely on number/letter substitutions, such as 10ngp@ssc0de, because they too can be easily hacked by both humans and software.
  • DON’T use the same password for multiple sites, because if one site is hacked, those sharing the password become more vulnerable.

How Often Should You Change Your Password?

Some recommendations suggest changing your password every month, but not only is that a lot to keep up with, it can actually INCREASE your security risks because eventually, you’ll end up using a word or phrase that’s easy to hack. You’ll want to change your password no more than once a year, unless …

  • Malware has been detected on your device
  • Someone else has your password (shared willingly), but no longer needs access your account
  • You’ve logged on to the account on a public or shared computer
  • You’ve been notified that there has been unauthorized activity on your account
  • You are being prompted by the account to change your password. (However, in such instances, be sure that the entity requesting you reset your password is not phishing for your credentials. To be safe, go directly to the website’s address, instead of using the link sent to you via email.)

Keeping these factors in mind can make sure your passwords remain up-to-date and secure, without having to re-learn unique password combinations every 30 days.

How Should You Store and Remember Passwords?

Creating multiple unique and lengthy passwords quickly adds up. Instead of memorizing them (which if you could, we’d be impressed), you can use a secure password manager. Password managers store and protect passwords, and can even help you generate hard-to-crack passwords. We recommend using LastPass.When using a password manager:

  • Your master password (that which opens the password manager) should be the MOST unique and complex, as it opens the vault to ALL your other passwords
  • Do not store the master password in the password manager

We also recommend not letting browsers save your passwords, and signing out of your accounts when you’re no longer actively in them.

Do I Need Two-Factor Authentication?

Two-factor (also called multi-factor authentication) sounds complicated, but in reality it’s a simple way to provide an extra level of security to your accounts. When two-factor authentication is enabled, you’ll be required to enter a second piece of information — in addition to your password — to get into your account. Some of the common ways this occurs includes:

  • Sending a code to your phone or email to gain access to the site
  • Entering a code from a pre-installed code generator app
  • Identity checks, such as thumbprint scans or facial recognition

Am I Secure?

We’ve listed several best practices to keep your passwords secure and your accounts safe, but your business may have other vulnerabilities that no amount of password managers will be able to defend against. At Sawyer Solutions, we’re experienced in helping small and medium-sized businesses identify ways to get the security they need, in ways that are customized to fit their needs and budget. If you have questions about creating password security guidelines for your company, or aren’t sure if you have the right cybersecurity in place, we’d love to hear from you! We offer FREE no-strings-attached consultations to help you ensure your business is set up for success! Protect your business today!