Passwords matter and are something that you and every employee can use to protect your data. Maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene.
Watch out for re-use, multiple use and similar use
Rotating passwords isn’t a good idea. You may notice some sites may not even permit you to use passwords you have used previously. Avoid changing your password by adding a character or two or making it too similar to others you have used or are using. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites. Automated tools can take a compromised password and test different combinations very quickly.
Avoid writing down passwords
This one may seem a bit outdated. It belies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet, handbag or computer bag isn’t an especially good idea. Wallets and bags can be pilfered if left lying around unattended. Visible notes are just a bad idea. If you choose to write them down, keep them locked away and not visible to passersby. Consider the use of a trusted password management tool.
Don’t share passwords
One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.
Phishing tricks
Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this before, but it bears repeating because it seems to work against even the savviest digital users.
Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:
- Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com
- Disguised URLs – Sometimes, URLs can be disguised–meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
- URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to the actual Bank of America website.
In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time.
