Password Best Practices & Benefits of Two Factor Authentication

Let’s be honest. Passwords can be daunting, especially when it seems like every system has different requirements. Special characters, varying lengths, mixture of upper and lower case, numbers, symbols – it’s enough to make anyone dizzy with confusion.

Using a few “tricks of the trade” you can learn how to create stronger passwords that keep you protected, without adding frustration.

Password Faux Pas

Before we jump into tips on creating a strong password, we need to review common password faux pas:

• Don’t use “Password”, “Letmein”, swear words or common English words found in a dictionary; these are the easiest to hack.
• Don’t use short passwords – these are also very easy to hack.
• Don’t use the same password for all your password-protected websites. If you have one password for everything, it is like you are leaving a trail of breadcrumbs.
• Don’t use information that can be easily taken via your social media profile, like names, birthdays, and favorite places.
• Don’t write your passwords down. In can be tempting, especially in the workplace, to keep track of passwords the old-fashioned way, but these are easily discovered and, oftentimes, a direct violation of your company’s security policy.
• Don’t share your passwords. This one is a no-brainer, and if you must share, change it as soon as possible.
• How to Create a Strong Password

The key aspects of a strong password are length (the longer the better); a mix of letters (upper and lower case), numbers, and symbols. Passwords should not have any sort of tie to your personal information and should not contain dictionary words.

The secret to creating a hard-to-crack password that’s unique and easy to remember is to focus on making it memorable and making it hard to guess. Seems simple enough, right? By learning a few simple skills, you can easily create a strong and memorable password with minimal effort. Plus, creating them can actually be fun – and your payoff in increased safety is huge.

To avoid easy to guess or hack passwords try one or more of the following tricks:

Use a phrase and incorporate shortcut codes or acronyms

The examples below (please don’t make any of them your new password!) let you use phrases that mean something to you, or that you associate with a type of website. For example, the ’all for one and one for all’ may be the password for a social networking site where it’s all about sharing. It could be a phrase about money for a banking site, and so on.

• 2BorNot2B_ThatIsThe? (To be or not to be, that is the question – from Shakespeare)
• L8r_L8rNot2day (Later, later, not today – from the kid’s rhyme)
• 4Score&7yrsAgo (Four score and seven years ago – from the Gettysburg Address)
• John3:16=4G (Scriptural reference)
• 14A&A41dumaS (one for all and all for 1 – from The Three Musketeers, by Dumas)

Use passwords with common elements, but customized to specific sites

These examples (again, don’t use any of these) tell a story using a consistent style so if you know how you write the first sections, and you’re on the login page for a site you’ll know what to add.

• ABT2_uz_AMZ! (About to use Amazon)
• ABT2_uz_BoA! (About to use Bank of America)
• Pwrd4Acct-$$ (Password for account at the bank)
• Pwrd4Acct-Fb (Password for a Facebook account)

Use Two Factor Authentication

Two-factor authentication (2FA), also referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves.
When 2FA is authenticating a user’s identity, it can utilize three methods:

• Knowledge
  Something you know: a password, PIN, zip code or answer to a question (mother’s maiden name, name of pet, and so on)
• Possession
  Something you have: a phone, credit card or fob
• Inherence
  Something you are: a biometric such as a fingerprint, retina, face or voice.

If you use mobile banking, you probably have some experience using 2FA. In many cases, it works like this: After entering your online banking username and password for the first time, the system will likely require you to enter a CODE that is sent to you via a phone call, text message or email, in order to complete the log in process. This example requires your knowledge of your password, and possession of your phone to log in successfully.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts, because knowing the victim’s password alone is not enough to pass the authentication check.

In today’s digital world, it’s necessary to learn best practices for creating strong passwords, as well as how to add a layer of protection using 2FA. The safety of your personal and business information depends on it!