Have you ever wondered about the odds of having the same password as several hundred other people? Yes, this happens because people often follow weak password practices and do not bother changing default credentials. Common passwords, such as ‘admin’, ‘admin123’, or ‘newyear2023’, are easily compromised and exploited. Keeping your account safe requires certain password practices that protect your online identity and data. Thus, this article covers a few do’s and don’ts for keeping your password safe.
Password Safety: Do’s and Don’ts for Keeping Your Password Safe
To start with the basics, here are some commonly known yet most exploited vectors revolving around passwords.
Having a Common Password and Overusing It
The two most significant issues with passwords are creating them and remembering them. As a result, a common mistake that users often make is using the same ‘easy-to-guess’ password across every account.
Doing this leaves multiple accounts unsafe, and your online identity can be compromised before you can even recall all the accounts where that password was used.
Changing Your Password
While it is alright to have a combination of random and personal strings as a password, don’t set your new password to be the same as your old one just because it is easier to remember.
It is strongly advised to keep changing your passwords frequently. While many organizations mandate that their employees change their passwords monthly or quarterly, individuals should also apply this practice themselves.
Setting periodic reminders to change passwords helps keep your password safe.
Storing and Sharing Passwords
Don’t store your passwords anywhere in plaintext format. With strong encryption algorithms and multi-factor authentication on password storage software, passwords for sensitive accounts can be stored and viewed safely.
Storing and sharing passwords gets more manageable if they are stored safely. Software that can keep your passwords safe includes KeePass, Dashlane, 1Password, etc.
However, relying entirely on that isn’t advised. When storing passwords on their devices, users are advised to apply their own self-developed algorithm, such as character substitution. For example, ‘Akashisgreat123’ can be stored as ‘Blbtijthsfbu234’ by replacing every character with its next character.
Connecting to Public WiFi
Connecting to public WiFi can compromise your accounts, since hackers can sniff the network and look for sensitive information you share over it. Certain network systems don’t encrypt the data. Attacks that can be executed when you are connected to an unsecured, open WiFi network include:
- A Man-In-The-Middle (MITM) attack, where the attacker sits as an intermediary between client and server, receives your data, captures it, and relays it further.
- A Sniffing Attack, where data sent over an unsecured network is captured with packet-capturing tools to gather data about the user, including cards, passwords, and IPs.
- An Evil Twin Attack, which involves setting up an identical but malicious WiFi network that appears legitimate, to trick users into sharing their sensitive data over the network or downloading malware hosted on the web.
It is advised to carry your own source of internet to ensure connectivity everywhere. Also, users should prefer connecting only to private networks from trusted sources.
We suggest not relying on your password as the only means of logging in.
Set up additional authentication measures so that you have another way to prove your identity in case the password is compromised. Various websites allow users to confirm via SMS OTP, email OTP, or apps such as Google Authenticator that generate a key to be used along with a password. Using passwords with the aid of MFA can strengthen the security of your account.
Take Your Alerts Seriously
Don’t ignore the login alerts and the login history of your accounts. Various websites keep track of logins, login locations, and login times, and surface them as alerts. This is an excellent way to check whether any unauthorized logins have happened in the past.
Another way to track whether an account associated with your email or phone number has been compromised is to check it via HaveIBeenPwned. This service shows all the websites that have had a data breach in the past, and a regular habit of checking can keep your accounts safe.
Further, take the following signs seriously, as such anomalies can be the start of something: your password being entered on an impersonating site rather than the legitimate website, signs that your phone is infected with remote access spyware or malware, a sudden increase in OTP requests, and being locked out of an account because of too many login attempts.
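The warning signs above can be checked mechanically. The following added example (not from the original article) reviews an account-activity log for three of them: a login from an unconfirmed location, a sudden burst of OTP requests, and a lockout. The log format, location names, and thresholds are assumptions made for this illustration, and the log itself is constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample activity log (not real data): timestamp, event, location.
SAMPLE_LOG = """\
2023-01-02T08:15:00 login_ok home-city
2023-01-03T08:20:00 login_ok home-city
2023-01-04T02:41:00 otp_request -
2023-01-04T02:41:20 otp_request -
2023-01-04T02:41:45 otp_request -
2023-01-04T02:42:05 otp_request -
2023-01-04T02:44:00 login_ok other-city
2023-01-05T09:00:00 lockout -
"""


def parse(log: str):
    """Turn each 'time event location' line into a tuple, ordered by time."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, kind, place = line.split()
            events.append((datetime.fromisoformat(ts), kind, place))
    return sorted(events)


def review(events, trusted, otp_limit=3, window=timedelta(minutes=5)):
    """Return (timestamp, rule) alerts for the signs the article lists."""
    alerts, recent_otps = [], []
    for ts, kind, place in events:
        if kind == "login_ok" and place not in trusted:
            # Stays flagged until the owner confirms the location as theirs.
            alerts.append((ts.isoformat(), "new_location"))
        elif kind == "otp_request":
            # Keep only requests inside the sliding window, then add this one.
            recent_otps = [t for t in recent_otps if ts - t <= window] + [ts]
            if len(recent_otps) == otp_limit + 1:   # alert once per burst
                alerts.append((ts.isoformat(), "otp_burst"))
        elif kind == "lockout":
            alerts.append((ts.isoformat(), "lockout"))
    return alerts


if __name__ == "__main__":
    for when, rule in review(parse(SAMPLE_LOG), trusted={"home-city"}):
        print(when, rule)
```

In the sample, the OTP burst a few minutes before the login from an unconfirmed location is the pattern worth acting on first: change the password and review active sessions.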
Towards the Conclusion
As we conclude on the topic of ‘Password Safety: Do’s and Don’ts for keeping your password safe,’ we hope some of these measures prove helpful if you weren’t aware of them yet.
If used correctly and regularly in practice, these tips will help eliminate the risks of your accounts being compromised and ensure your cyber safety.
Author Bio: This article has been written by Rishika Desai, B.Tech Computer Engineering graduate with 9.57 CGPA from Vishwakarma Institute of Information Technology (VIIT), Pune. Currently works as Cyber Threat Researcher at CloudSEK. She is a good dancer, poet and a writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter at @ich_rish99.