We recently sat down for a Q&A session with our Chief Information Security Officer, Bob Brown, to make sure we are up to date on his latest password security recommendations.
What should I consider when coming up with a new password?
Length equals strength. For example, which of the following passwords do you think is stronger? A) HJ@&4 or B) ILiketoWatchMovies!
The answer is ‘B.’ A strong password doesn’t have to be complicated and difficult to remember. If you want to make it even stronger, try adding in some special characters: IL!ketoW@tchMovie$!
Do I really need to use a different password for everything? Why?
Data breaches do happen. You can mitigate risk by changing up your password for different accounts. This way, if your favorite online shoe store gets hacked, the cyber-criminal will not have access to your social media accounts or your credit card accounts.
What is multi-factor authentication, and why is it important?
Multi-factor authentication requires you to verify your identity two or more times before you’re given access to an account. Most of the time, this will be your account password along with a code that’s sent to your phone or email address.
The chance that someone breaches your password and also has access to your text messages or email is less likely than someone gaining your password alone. For accounts containing information that you don’t want others to have access to, it’s always a good idea to have that additional layer of protection.
12 characters is very long. Do you have any tips on how to remember all my passwords and keep them straight?
Twelve characters is a lot to remember, but that’s why we recommend using a passphrase. You may not be able to remember 4rRhdnos$ljh, but I bet you can remember your dog’s favorite treat. Try something like this: MydogBillLovespe@nutButter!!
You can also consider using a password manager. Password managers store all of your credentials behind one master password that unlocks the software. The downside to a password manager is that if the developer gets hacked, all of your passwords will be exposed in a single breach. This has happened, but this is extremely rare. Most security experts agree that the benefits outweigh the risks. When you use a password manager, you are more likely to use long complex passwords, and this will improve your overall online security.
How often should I change my password? Do I need to change my digital banking password more often than my Instagram password?
For any account that gives access to your personal financial information or private information that you would not want public, it is a good idea to change your password 4 times a year. Prioritize updating the passwords on accounts that contain sensitive financial data, but it is also smart to check in on your social passwords occasionally–you wouldn't want someone masquerading around the internet as you.
Is there anything else I should know about password security?
The easiest way to gain access to someone’s password is simply by asking them to give it to you. Reputable businesses will never need you to give your password by email, text, or phone. Be alert. If someone asks for your password, don’t tell them–even if you think you know them.
Be suspicious of any emails you weren’t expecting, and never click the links in these emails. If you aren’t sure about an email, type in a known URL and access the account or website that way. Don’t click the email link until you can be sure that the link is genuine.
If you receive a call from a business you have worked with in the past and any of the questions they ask seem suspicious, always hang up. Call them back on a number you know is legitimate.