What do we mean when we talk about account protection. Well, we suggest making sure every one of your accounts is secure. How does one make an account secure, you ask? Well, long passwords, unique passwords, and MFA. Clear as mud, huh. Let’s take a journey down the topic of account protection we all should be following.
Almost every day, someone says, “My Facebook account has been hacked!” Actual, it is a spoof; stay tuned for another blog on that. Every once in a while, someone’s account was hacked and taken over by a malicious actor. This happens for various reasons, all tied to poor security practices with account protection. Typically these accounts have a shared, short password with no MFA enabled.
Passwords! Every account should have its OWN password, no sharing passwords. In all the classes I teach, I ask who has one or two passwords for all their accounts. Sadly, over 95% of the folks use the same two passwords for EVERYTHING. Check the website Have I Been PWNED to see if you have had your password compromised; chances are you have. Once you have an account compromised, the malicious actors can use this information to access reports; they typically don’t do it manually. They use bots. Crazy to have your banking password be the same as your social media password, right?
Password Length! How long are your passwords? Pretty much all of us have been told at least eight characters with a combination of numbers, upper/lower case, and special characters. Well, it has since come out that this is not a good idea because the length of a password is more important than the complexity of the password. What we need to look at is passphrases, NOT passwords. Passphrases are essentially short sentences put together, creating a length of at least 15 characters. 5h0rter!1 is a lot harder to remember than Longerisbetter! isn’t it. The passphrase is better for protection due to its length. Short complex passwords are easy for a computer to guess and humans to remember. Longer passphrases are easy for humans to remember and hard for computers to guess. One of the best illustrations I have found of this concept:
MFA! What on earth is MFA?! That is a form of protection. EVERY account should have it enabled. This will increase your account's security. When there is a log-in attempt to your account, it will generate a text message, push notification to the authenticator app, or call with a code to verify authorization into the account. It has happened to me before where I can “push” on my authenticator app that someone was trying to log into one of my accounts; I denied the login and quickly changed my password to a passphrase. Now all my accounts have “passwords” that look like 4pRPd35W5Eeq1gl#rrcv. You can download an authenticator from your mobile app stores.
Password Manager! Password managers are exactly how you manage all these UNIQUE passwords for our accounts. There are many different types of password managers out there; make sure you spend a little money on the paid version and not the free version (Free isn’t always the cheapest). Password managers allow you to store all of your passwords in an encrypted capsule that you can access on your PC, web browsers, and mobile devices. The nice thing about password managers is you don’t need to remember all of your passwords. You only need to remember ONE. That ONE is what is required to get into the password manager. Make sure to enable MFA on your password manager.
I know no one reading this is writing passwords down or saving them in your browser, right? If you are, get a password manager and store them all there. Check out our www.GingerSec.Shop site for some options Password Manager | GingerSec Shop.