It’s OK if you didn’t know there was a World Password Day – which takes place on the first Thursday of every May – but you should know how to manage your passwords.
At the risk of sounding preachy, if you don’t use strong passwords or if you use the same ones for all your online activity, you’re putting your data and devices at risk.
The good news is you don’t need a degree in computer science to safely work, play, bank and shop online.
“Individuals understand they should be secure and that recognition is an important first step,” says Michael Crandell, CEO of Bitwarden, a leading open-source password manager (given an A-rating by US News & World Report). “But they can better protect themselves by embracing tools such as password managers that are readily available and free, [which] mitigate the need for an over-reliance on memory and password reuse across multiple sites,” adds Crandell, in a company statement.
TALKING TECH NEWSLETTER: Sign up for our guide to the week’s biggest tech news
In its second annual password management survey, Bitwarden found more than 8 in 10 (85%) of Americans reuse passwords across multiple sites, with over half of those surveyed relying on memory to manage passwords. Also, about 60% of Americans have an average password length of 9 to 15 characters (Bitwarden suggests 14 is considered a secure starting point).
What’s more, almost one-third (31%) of US respondents experienced a data breach in the last 18 months, as compared to about 1 in 4 (23%) globally.
A few simple precautions can go a long way and so what better time than World Password Day on Thursday, to review them.
Create stronger passwords or use a manager app
Easy passwords can be easily cracked by cybercriminals. Resist using names of your kids or pets, birthdays or anniversaries.
Sound familiar? It should. Microsoft says 15% of people say they use pets’ names for password inspiration.
Reduce the risk by changing your password every so often (maybe every 60 days or so) to keep one step ahead of the cybercriminals.
I once heard a funny – but clever – way to think about passwords: “Passwords are like underwear: Change them often, don’t share them and don’t leave them lying around.”
Also, never use the same password for all your online activity, because if a service is breached and your password is exposed, cybercriminals may try it on another account.
A good solution to this is a trusted password manager app is a smart solution to using strong and different passwords for various shopping sites and other online activity.
SOMEBODY’S WATCHING ME: How to tell if someone is spying on your PC or Mac
Passphrases or biometrics work, too
Alternatively, some cybersecurity experts say a “passphrase” is even better than a password (and easier to remember). A passphrase is a string of words, which might include numbers and symbols, too, such as taking a phrase like “Barking up the wrong tree,” which then becomes “Bark1ngupthewr0ngtree!”
In honor of “World Password Day,” Microsoft suggests the safest password is no password at all.
Microsoft offers passwordless sign-in, allowing people to remove passwords from their Microsoft account to access things like Outlook and OneDrive using the Microsoft Authenticator app, Windows Hello, a security key or a verification code for secure and convenient sign-on. This video explains the “passwordless” approach further.
The company also shared a fun “bingo card” of common password-related mistakes we often make (see photo).
HOW TO GET HELP ON FACEBOOK: Find out how and where to access support
Enable multi-factor authentication
Speaking of passwords, you can make it much harder for cybercriminals by adding a second layer of defense to your online accounts, like shopping, banking and cloud storage accounts.
“Multi-factor authentication” means you need to enter not only a password (or use a “biometrics” solution, such as a fingerprint or facial scan) to assure that only you can access your accounts, but also a one-time code that’s sent to your mobile phone.
In other words, it combines something you know (password) with something you have (smartphone).
Bitwarden says multi-factor authentication has caught on: 79% of US respondents use it for workplace accounts and 77% use it for personal accounts. You can significantly reduce the odds of a cybersecurity issue by adding multi-factor authentication or most or all of your online activity.
Safeguard your online shopping
“While there is ‘zero liability’ protection, so cardholders are not responsible for any transactions they didn’t make, you can take a more proactive role in reducing the risk when shopping online,” says Michael Jabbara, vice president and head of Global Fraud Services at Visa.
“For example, sign up for multi-factor authentication, so when they try to log into a merchant’s site they’ll get a text to validate themselves, as well as signing up for purchase alerts, so if someone is trying to make a transaction on their card and it isn’t them they’ll get notified and they can contact a bank,” adds Jabbara, in a telephone interview with USA TODAY.
SHOP ONLINE SAFELY: Take these steps to protect your data online
“And before you type your card number, look for the ‘https’ in a web browser, to ensure it’s a secure connection.”
Jabbara says there are a few other little things to “practice good overall cybersecurity hygiene,” which includes exercising “common sense, such as not clicking on suspicious links or attachments or ads that seem too good to be true and of course, don’t give away your password or PIN – this all helps bolster your first line of defense.”
Use good anti-malware, VPNs
Remember to install reputable anti-malware software (short for “malicious software”), as it’s not just viruses you need to be concerned about, but also spyware, ransomware, worms, rootkits and Trojan horses.
Good cybersecurity software will automatically update itself with protection against the latest threats – but don’t forget to renew when it’s time, so you’re protected against the latest threats. Sometimes included in your cybersecurity suite, a virtual private network (VPN) is also a good idea to use when online as it conceals your online whereabouts from those who profit from tracking your activity.
On a related note, set your software (including operating systems) to automatically update, if possible, so you don’t have to remember to do so.
Also update “firmware” for your hardware, such as a wireless router and printer.