Sometimes, there can be a password character limit that prevents the use of this strategy. In that case, another method is to think of a sentence (like “Jack and Jill ran up the hill”) and use the first letter of each word to create the base of the password. You can add further complexity with characters and numbers; for example, add a colon and a date to make it jajruth:2021.
Tip 2: Vary your passwords.
While it may seem easier to use the same password for multiple services and logins, it can quickly become a threat to all of your accounts. That’s because if your password gets stolen in one instance, it can be used to access multiple sites and organizations you belong to. Databases of stolen usernames and passwords are used in attacks called credential stuffing and password spraying. When third-party services are compromised and their stored credentials are improperly encrypted, user credentials can be leaked. Hackers then use these credentials in bulk, along with commonly observed passwords, to attempt logins, significantly reducing the number of attempts they need.
This makes using different passwords across services critical. The good news is that password managers, like LastPass, are an effective way to maintain uniqueness and keep track of your credentials for all of the platforms we use on a day-to-day basis.
Tip 3: Utilize multi-factor authentication.
While we strongly urge everyone to use different passwords across services, multi-factor authentication can be used as an additional security measure against the many kinds of attacks on passwords.
Multi-factor authentication requires something you know (a password) and something you have (a mobile device, YubiKey or hardware token) to log into an account. This prevents hackers who may obtain your password from accessing your information without your knowledge. The exception comes into play, however, if they have somehow also obtained the device to which the multi-factor authentication service sends a verification code (via text, call or push notification through a dedicated mobile app), or have acquired the hardware token.
Tip 4: Avoid malware.
Malware is software that is intentionally malicious, typically containing capabilities such as a keylogger. A keylogger is a type or a function of malware that can track every keystroke you enter on your keyboard. As you can probably imagine, this can allow hackers to see the accounts you access and the credentials you type. Avoid sites and links in suspicious emails that could be rife with malware like keyloggers. You can also stay proactive by having antivirus installed and updated on your device.
Another level of protection against malware can be to avoid using the administrative account on your computer. That’s because if malware runs under the administrator context on your computer, it has all the administrator capabilities, including disabling your antivirus or installing additional malware to embed itself deeply within the system. So even if malware does slip through, when you work under a “standard” user account instead of the administrative account, it won’t have the same access to your files and information that it would as an administrator.
Tip 5: Act quickly when a hack occurs.
Finally, even with the strongest measures, sometimes your passwords can be compromised. In that event, change your password immediately to mitigate illegitimate access to your information.