Since the start of the pandemic, cyberattacks have been exploding. During the first six months alone, data breaches exposed over 36 billion records.
The clincher? 95% of cybersecurity breaches are avoidable. They are caused by human error – especially when it comes to selecting weak passwords.
We get it. Keeping track of passwords is tricky. On average, 130 different accounts are registered to every single email address in the US. The temptation to simplify things by choosing easy-to-remember passwords is huge.
But if the recent cybersecurity stats give you a bad feeling, or if you’ve had a breach yourself, it’s high time to resist that temptation – and brush up on your password management.
To help you get started, here is an easy four-step plan to give your existing passwords a security review.
Check for Known Breaches
First, start by checking if any of your passwords have already been breached.
In many cases, you might not actually know it has happened unless your account starts acting up. Unfortunately, not all services are quick about sending out notifications to users when their servers have been compromised.
The fastest way to check if any of your accounts have been hacked and your information leaked is to use an online service.
Breach monitoring services such as Firefox Monitor or HaveIBeenPwned.com allow you to enter your email address and check it against billions of account records that have already been leaked to the shady corners of the internet.
Eliminate Reused Passwords
Second, make a list of all your passwords – or check your password manager app – and pinpoint which ones you’re reusing and on which sites.
While using the same password (with small variations) in multiple places makes things easier to remember, it is also a golden ticket for hackers. If they manage to breach one of your accounts, they suddenly have access to a bunch of others as well. In many cases, their first step will be to try the same email-and-password combination on any number of other services.
Increase Password Strength
Next, check for password strength.
As a rule of thumb, the longer, more complex, and less predictable your passwords are, the better.
To be secure, they should be at least 12 characters long, include numbers and symbols, and feature both upper- and lower-case letters. Also: avoid using obvious substitutions, such as replacing O with 0, or I with 1.
These days, the easiest – and often the only feasible – way to achieve all of this without constantly forgetting and resetting your passwords is to use both a password generator and manager. These will help you automatically produce a secure password when you sign up on a new page, and store it for you. All you have to remember at the end of the day is the password for the manager app.
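The Python script below is an added example, not part of the original article, that applies the reuse check from step two and the strength rules from step three to a list of account passwords. The function names, the substitution table, the small word list and the sample accounts are all assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Undo the obvious substitutions the article warns about (0 for O, 1 for I, ...).
SUBSTITUTIONS = str.maketrans("013457@$!", "oieastasi")
# Constructed mini word list; a real audit would use a much larger one.
COMMON_WORDS = {"password", "summer", "qwerty", "letmein", "welcome"}

def normalize(pw: str) -> str:
    """Reduce a password to its base word so small variations compare equal."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())   # drop trailing digits/symbols
    base = base.translate(SUBSTITUTIONS)          # undo character swaps
    return re.sub(r"[^a-z]", "", base)            # keep letters only

def strength_issues(pw: str) -> list[str]:
    """Check one password against the rules listed in the article."""
    issues = []
    if len(pw) < 12:
        issues.append("shorter than 12 characters")
    if not re.search(r"\d", pw):
        issues.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        issues.append("no symbol")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        issues.append("needs both upper- and lower-case letters")
    if normalize(pw) in COMMON_WORDS:
        issues.append("built on a common word")
    return issues

def reuse_groups(accounts: dict[str, str]) -> list[list[str]]:
    """Group sites whose passwords share a base; returns site names only."""
    groups = defaultdict(list)
    for site, pw in accounts.items():
        # Fall back to the raw password when nothing but digits/symbols remains.
        groups[normalize(pw) or pw].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

# Constructed sample data, not real credentials.
ACCOUNTS = {
    "mail.example": "Summer2021!",
    "shop.example": "summer2022",
    "bank.example": "P@ssw0rd1",
    "forum.example": "kT9#vLq2!xZpW4",
}

if __name__ == "__main__":
    for site, pw in ACCOUNTS.items():
        print(site, "->", strength_issues(pw) or "ok")
    for sites in reuse_groups(ACCOUNTS):
        print("same base password on:", ", ".join(sites))
```

The report lists site names and rule violations only, so the output can be kept or shared without exposing the passwords themselves.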
Enable Two-Factor Authentication
Finally, when you’re going through all your accounts, enable two-factor authentication (2FA) where possible.
This is especially important for accounts with sites such as Facebook, Apple, Amazon, and Google. Since many other services offer to let you use these accounts to sign up, they basically act as gateways into any number of other records.
While 2FA may be a bother from time to time, it is an invaluable extra layer of security. Nobody will be able to breach your accounts without also having access to a physical device such as your phone.