November 10, 2023, marks “More Than Just a Password Day”. This day aims to educate users on password best practice and stronger methods they can be using to help stay secure.
In this blog, we take a look at some top tips to help protect and secure your accounts and devices.
Say Hello to Passkeys
Wherever possible, switch to passkey authentication methods. These are not only more straightforward but also far superior in terms of security compared to traditional passwords. Passkeys work on cryptographic principles, validating your identity with a unique key saved on your device, which isn’t transferred elsewhere. Most modern operating systems, browsers, and email platforms are compatible with passkeys – simply look up “passkey” alongside your platform of choice for more details.
Strengthen Your Email’s Defences
Should your email still depend on passwords, ensure it’s protected with a robust, unique password and multi-factor authentication or two-step verification. Since email commonly serves as a recovery point for other passwords, securing it is crucial to prevent unauthorised access to your various digital accounts.
Layer Up Your Security
Adding an additional security layer like a physical security key, an authentication app, or a verification code via SMS boosts your defences against cyber threats. This method is often referred to as multi-factor authentication (MFA) or two-factor authentication (2FA). Opt for a hardware token or an authentication app over SMS for enhanced security.
Use a Password Manager
For accounts that don’t yet support passkeys or secondary authentication, use a password manager. This tool allows you to maintain strong, unique passwords without the need to memorise them. Password managers come in various forms, including dedicated software, built-in browser options, and system-integrated solutions. Remember to choose a strong and memorable master password for your password manager and to act quickly if the service is ever compromised.
Adopt Smart Password Creation Strategies
When creating passwords on your own, consider using a passphrase or the “Three Random Words” method suggested by the UK’s National Cyber Security Centre. These approaches result in passwords that are both difficult to crack and easy to recall.
What to Do If You’re ‘Hacked’
If your device is compromised or an online service you use is breached, change your password immediately. This also applies to any other accounts where you may have used the same password. Tools like “Have I Been Pwned?” can help you identify if your passwords are at risk. Always update passwords from a secure device to avoid further issues.
If your organisation is facing a potential cyber incident, don’t hesitate to reach out to us. At 3B Data Security, we have a 24x7x365 Incident Response service to swiftly address and mitigate any potential harm. Our team of expert consultants are always on hand to guide you through the necessary steps, ensuring your data remains protected and helping to prevent future threats.
Content Credit to “Nonprofit Cyber – Protecting Your Accounts and Devices: Common Guidance on Passwords.”
