Best Practices For Password Safety on Password Day

With World Password Day upon us, we thought it would be a good time to bring up how to practice web safety, and how to keep your passwords locked and loaded. Here’s the thing. Cybercrime is on the rise, so how can we well-intentioned but regular people protect ourselves against it? Well, the first line of defence is relatively simple, though ingeniously effective.

Are you ready?

It’s changing your passwords regularly.

It sounds ridiculous, right? How can doing something so simple keep you safe? The reason why changing passwords is so effective might surprise you, or it might not. It may be so mundane that you assume everyone already knows about it and does it regularly, right?

Our statistics say otherwise – we are constantly surprised at just how many people use the same passwords for everything, and never, ever change them. Then, if that password gets leaked or phished, hackers use a technique called credential spraying to test it against every login site they can find, compromising far more than just the leaked account.

We recommend changing your passwords on a regular basis. Centurion Cyber Defence typically recommends its clients change their passwords at least once every 90 days. You can take a similar approach, though if you have trouble remembering, you can also change your passwords with the seasons.

To further improve your password security, include special characters, capital letters and numbers. Using more characters helps, but making passwords deliberately more complex has diminishing returns, since most hackers employ a brute-force script. A random 20-character string of gobbledegook and a 20-character string of Jane Austen would take the same average time to crack because, to a computer, they have approximately the same randomness.

I.e., it’s a kilogram of iron and a kilogram of feathers. Which is heavier?

We instead recommend crafting a password from a long, easy-to-remember phrase, combined with capital letters and numbers. On top of this, using something called two-factor authentication will make it more difficult for those with malicious intent to brute-force their way into your accounts.

Two-factor authentication takes a variety of forms, but the simplest types send a text to your phone with a code that you must enter after correctly entering your login password. This additional step might seem annoying, but it goes a long way in keeping hackers out of your accounts. If your password is ever leaked, two-factor authentication will provide a critical layer of defence until your next regularly scheduled password change.
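The two-step login described above, modelled in Python as an added example (not code from the original post or from Centurion Cyber Defence): the password is checked against a salted hash first, and only then is a short-lived, single-use six-digit code issued, with a cap on guesses so the small code space cannot simply be brute-forced. The account name, password and limits are constructed for the demo.

```python
import hmac
import secrets
import time
from hashlib import pbkdf2_hmac

PBKDF2_ROUNDS = 100_000
CODE_TTL_SECONDS = 300    # a texted code is only valid for five minutes
MAX_CODE_ATTEMPTS = 3     # a 6-digit code has only 1,000,000 values, so cap guesses

# Constructed demo account: store a salted PBKDF2 hash, never the password itself.
_SALT = secrets.token_bytes(16)
_USERS = {"alice": pbkdf2_hmac("sha256", b"correct horse Battery Staple 42", _SALT, PBKDF2_ROUNDS)}

# Pending second-factor challenges: username -> {"code", "expires", "attempts"}
_pending = {}

def verify_password(username, password):
    """Step 1: check the login password against the stored hash in constant time."""
    stored = _USERS.get(username)
    if stored is None:
        return False
    candidate = pbkdf2_hmac("sha256", password.encode(), _SALT, PBKDF2_ROUNDS)
    return hmac.compare_digest(stored, candidate)

def issue_code(username, now=None):
    """Step 2: after a correct password, create the one-time code to text to the user."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(1_000_000):06d}"   # unpredictable, not time-based
    _pending[username] = {"code": code, "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    return code  # a real service hands this to the SMS gateway, not back to the caller

def verify_code(username, submitted, now=None):
    """Step 3: accept the code only if it is unexpired, unused and within the attempt cap."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_CODE_ATTEMPTS:
        del _pending[username]          # stale or guessed at too often: log in again
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["code"], submitted):
        del _pending[username]          # single use: a leaked code cannot be replayed
        return True
    return False
```

The `now` parameter exists only so the expiry and lockout paths can be exercised deterministically; leave it unset in normal use.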

On top of all this advice, there’s also one more thing you can do to protect your information and your passwords: Never share them with anyone, ever.