This is a quick list from Tripwire’s security experts “for consumers to improve their password hygiene”:
- Change your passwords on a regular basis. Many of the passwords from the data breaches mentioned above are being sold on the dark web and are over three years old. Using stale passwords can keep you exposed to threats.
- Stop using passwords and start using passphrases. Using a series of words is far less likely to show up in an attacker’s password dictionary than a single word. A starting point for a secure passphrase could be a favorite quote or a line from a song, complete with spaces and punctuation.
- Be liberal with character substitutions. A password can be made stronger by replacing “o” with “0,” “e” with “3,” or “a” with “@.”
- Use a different password for each website or service. If an attacker manages to steal a password for one website, they can’t use the same password to access other websites.
In short: change ’em, make ’em longer, be creative, be unique. This is a nice, short hit list that our clients can use, and it avoids the technical jargon that we tech folk (OK, maybe just me) fall into.
Tripwire also adds turning on multi-factor authentication wherever you can, and we concur. I do recommend using an outside authentication application like Google Authenticator, Authy, Duo, or Usher rather than relying on SMS text messages sent by your service provider. There are known problems with using SMS texting as your second authentication factor.
Passwords will be around for some time to come (my prediction), so keeping them clean is important.