
06 Mar How Can Managed Service Providers Create a Strong Password
How to create a strong password
Are you reusing the same password for all or most of your online accounts? Because strong passwords can be very difficult to memorize, you may tend to reuse the same one over and over again. Or maybe you use simple passwords, which are weak and easy to break.
And that’s how accounts are hacked: not by code or specialized hacking skills, just easy-to-guess passwords.
When a so-called “hacker” tries to access an account, all they need is a computer to test all known passwords. Or, if it’s someone you know trying to log into your account, they only need to make some guesses until they get in; maybe they know important dates, equipment, pets, and people in your life, or they just know the password you use somewhere else.
But don’t crack under pressure! You can defend yourself when it comes to passwords. Here is the current best advice.
THE KEY TO A STRONG LOCK: LONG, UNIQUE, RANDOM
While it may seem complicated to create top-notch passwords, we’re here to tell you that it can be pretty easy. All you have to do is follow some basic principles, and you can even get a little help from our friend, the password manager. Your passwords should be long, unique, random, and stored in an encrypted password manager. Let’s look at each of these in more detail.
LONG
The longer the password, the harder it will be to guess, and that makes it stronger. At a minimum, all your passwords should be eight characters long. Ideally, they should be 16-20 characters long.
UNIQUE
Using the same password on multiple sites is one of the biggest risks to your security. Ideally, every password you use on every site should be different. (Sounds like a lot to memorize? We’ll see how to store them in a moment.)
RANDOM
This means that your password does not follow a logical pattern and is therefore not easy for anyone to guess (including you). Avoid numbers that mean something to you (such as your birthday or address), and make sure letters or phrases lack rhyme or reason.
While it may seem like an odd idea to choose a password you can’t easily remember, keeping random passwords in an encrypted manager (explained below) makes it less likely that information from a compromised site could be used against you.
You may be wondering, “But how am I supposed to remember hundreds of unique, random passwords?” The answer is, you won’t. Remembering what you had for breakfast yesterday is hard enough! Use an encrypted password manager to help you.
STORE YOUR PASSWORDS IN AN ENCRYPTED PASSWORD MANAGER
Ideally, you should use a dedicated password manager to generate and store all your passwords. A password manager is an application whose sole purpose is to protect your login credentials and other sensitive data. 1Password, Bitwarden, and KeePassXC are often recommended by security experts.
“Encrypted” means that to anyone else, your information looks like an unrecognizable messy code. If you were to encrypt the term “Data Detox Kit”, it could appear as “AG%$37/94” or “77GDa5T45!” (for example) to anyone without the password.
Password managers use strong encryption and additional security measures, such as a “lock” feature, to keep your passwords safe. Encryption in dedicated password managers is the best protection you have: your passwords are much, much more likely to be guessed or exposed in a breach than someone is to break your password manager’s encryption.
Another advantage of this software is that it can generate truly random passwords for you. Most dedicated password managers allow you to sync your passwords between devices, and it’s even possible to set them up so you can share some passwords with your family or co-workers.
Important to note: These managers are not the same as having your browser (Safari, Edge, Firefox, Opera, etc.) save your passwords. That type of storage doesn’t provide the same protection as a dedicated password manager. And the browser’s “autocomplete” feature can put your passwords at risk.
To keep your accounts more secure, don’t use the “remember me” or “save this password” features on a website or in your browser. Learn how to recognize the unique pop-up window your dedicated password manager gives you when it’s time to save a password. Better yet, copy your password by hand and paste it into that manager.
Should I change my passwords frequently?
NO! Changing passwords frequently is not helpful. It’s hard for us to remember passwords. To cope, we often create easy-to-guess passwords or reuse them. If you use unique and secure passwords, and yours hasn’t been exposed to a breach, you don’t need to change it.
Use a combination of letters, numbers, and special symbols
This traditional tip still helps make a password stronger and harder to guess, if your password is long and random enough. Unfortunately, some password systems do not allow you to use special symbols (such as @#$%-=), but a sufficiently long combination of letters and numbers is better than a short one.
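To put numbers on the "long" and "random" advice above, here is an added example (not part of the original article) that generates random passwords and compares their guessing space. Python's `secrets` module stands in for a password manager's generator, and the symbol set is the article's `@#$%-=`; the function names are illustrative.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 characters
FULL = ALNUM + "@#$%-="                        # 68 characters (the article's symbols)

def generate(length, alphabet=FULL):
    """Draw each character uniformly from `alphabet` using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size).
    This does NOT apply to human-chosen passwords, which are far more guessable."""
    return length * math.log2(alphabet_size)

def length_for(bits, alphabet_size):
    """Shortest length over this alphabet that reaches at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def compare():
    """Entropy (rounded) for the lengths the article mentions."""
    cases = [
        ("8 chars, letters+digits+symbols", 8, len(FULL)),
        ("16 chars, letters+digits", 16, len(ALNUM)),
        ("20 chars, letters+digits", 20, len(ALNUM)),
    ]
    return [(label, round(entropy_bits(n, size), 1)) for label, n, size in cases]

if __name__ == "__main__":
    for label, bits in compare():
        print(f"{label:34s} {bits:6.1f} bits")
    # On a site that rejects symbols, how long must a letters+digits
    # password be to match a 16-character one that uses symbols?
    target = entropy_bits(16, len(FULL))
    print("letters+digits length matching 16 with symbols:",
          length_for(target, len(ALNUM)))
    print("sample 20-char password:", generate(20))
    print("sample 20-char letters+digits password:", generate(20, ALNUM))
```

Each extra character multiplies the number of candidates an attacker must try by the alphabet size, which is why dropping symbols costs only about one extra character of length.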
Use a phrase instead of a password
It depends on whether you think you can remember a phrase like “My grandmother had 3 daughters + 1 son” or “I had my BMW for 5 years”. The length and complexity of these phrases can give you more protection than a shorter password. However, that only applies if you don’t use phrases that are easy to guess, such as song lyrics or important dates.
Should I write down my passwords?
It depends! Writing your password on a note and sticking it on your computer is an invitation for someone to come over and access your accounts. Keeping passwords in your wallet or purse is a problem if they are stolen. The way you store written passwords makes all the difference. If you have some very important passwords, for example, for your financial information, writing them down and storing them in a closed safe is not the worst idea. Just consider how often you need to access them and where…
Have password “levels” for sites that are more or less important
This is simply “a little safer.” Many people have “disposable” passwords for sites they don’t consider important (such as games, news, or social sites) and better passwords on sites related to their finances, personal records, or phone or email, which can be used to recover other accounts. This is not the worst idea. But it’s more important to make sure your passwords aren’t weak or reused. And consider: what could go wrong if someone even had access to your “disposable” accounts?
TIPS FOR USING A PASSWORD MANAGER
To make your passwords safer, use an encrypted manager. Below you’ll find some additional tips to simplify the process of managing your passwords.
CHOOSE A PASSWORD MANAGER
Some great options are 1Password, Bitwarden, or KeePassXC. KeePass is free, but many people find it harder to use. You might find 1Password, which charges a subscription fee, easier to use, or it may have features you need, such as sharing with other members of your family or work team. You only need one password manager, and it will be something you use on a daily basis, so do some research and choose the one that best suits your needs.
INSTALL IT
First, install the manager you chose on your computer and then on your phone. Not only is it a little easier to use password managers with a keyboard, but it also means you’ll have a backup ready to use in case you lose your phone.
For ease, you can install your password manager’s browser extension (you can find the steps in the resource links above). This will allow you to easily copy and paste your username and password into websites. (Again: this isn’t the same as your browser’s password manager; it has stronger encryption and other protections.)
CREATE A PASSWORD FOR YOUR PASSWORD MANAGER
Your password manager will ask you to create a strong master password – it should be a few words and not something you used elsewhere.
Practice repeating this passphrase until you memorize it! You’re going to have to use it daily. You may want to write it down and put it in a securely locked drawer, or keep it in your wallet for a while, until you’ve memorized it. Just remember: this will now be the key for all your accounts.
COLLECT AND STORE
Once you start collecting and storing your account details in your password manager, you may find that you have more accounts open than you imagined. The collection process can take a few weeks until you remember and store everything you are using. This is also a good opportunity to take a close look at the accounts you have open and decide if you still want them, or if you want to close some accounts that you no longer use.
During this time, you’ll become more comfortable with your password manager. Make sure to memorize that master password!
STRENGTHEN YOUR PASSWORDS
Now that you’ve gotten used to your password manager, it’s time to strengthen your passwords! Start with three important accounts – for example, your bank or credit card, your favorite social network, and the shopping site you use the most. Don’t start with your usual email account – that’s probably your key to recovering the other accounts. We recommend practicing with other sites first until you master your password manager. Change the password for each of those three sites, following your password manager’s instructions on how to generate and save a strong password.
EXTRA TIPS
You don’t need to change all your passwords at the same time. Every time you log in to another site you use, change your password and save it in your password manager. Very soon you will realize that you are using your password manager all the time and that all your accounts are becoming safer.
To take your security to the next level, check whether your web browser is saving your passwords and tell it not to save them, or even your payment methods. In most browsers (Safari, Edge, Chrome, Firefox, Explorer, etc.), you’ll need to look for the section called “AutoComplete” or “Passwords” under “Settings” or “Preferences”. You should also be able to clear the passwords saved there.
Forgot your password or got locked out of a site? No problem. Just use the site option called “I forgot my password” and save your new password in your manager when you reset it.
TIDY UP YOUR PHONE WITH AN APP CLEANUP
Your apps produce as much data as your phone, if not more. The more apps you have, the more information about you is available, and the more companies have access to that data. Surely you’ve already heard about app data being leaked in the news and wondered what you can do to avoid it.
In this part of the detox, you’ll have a chance to finally get rid of those evil apps that have been collecting your data: the social media app that’s been tracking your messages, the dating app that’s been streaming your location, or the gaming app that wants access to your contacts, among others.
If you’ve ever scrolled through your apps and asked “when did I download this?” or “what does this app do?”, this is for you. Let’s start.
TAKE A CLOSER LOOK
It’s important to clean up apps from time to time – especially if it’s those apps you never use, and those that collect a lot more data than they should.
To decide which apps to stick with, and which ones to get rid of, take a closer look at what you have. Start with the app you use most often, and ask yourself these questions:
- Do you really need that app? When was the last time you used it? Can you access the service from your browser instead of having an application for it?
- What data can it collect? Your location, contacts, habits at home – don’t forget about those apps that control your devices at home.
- Who is behind the app? Do you trust them? What is their business model? What is their privacy policy? If you’re getting the app from a commercial company for free, they’re probably selling your data.
- Is there an alternative that is more privacy-oriented? Check out our Alternative App Center for suggestions.
- What benefits are you receiving in exchange for your data? Is the exchange worth it?
As you answer these questions, you’ll be in a better position to decide whether the app should stay, or leave.
REMOVE UNNECESSARY APPS
It’s natural to assume that your social media, gaming, or weather apps aren’t collecting a lot of your data — but they may be collecting quite a bit. Removing apps can be a powerful way to detoxify your digital life. In addition, performing this cleaning can decrease data and battery usage, depending on the application.
If you’ve opened an account for an app you no longer want to use, be sure to close your account by going to Settings or Profile and selecting the option to Delete or Close Account. You can even send a message to the service asking them to delete your data. Then delete the apps you don’t use or that are very hungry for data: they just contribute to your data bloat.
Android:
- Settings → Apps → Select the app you want to uninstall → Uninstall.
Note: Apps that are built into Android, or preinstalled by the device manufacturer (HTC, Samsung, Nokia), cannot be uninstalled.
iPhone:
- Press and hold an app’s icon until they all start moving and small x’s appear in the top left corner of each. To delete an app, tap the small x of that app. To return to a normal state, press the main menu button.
Note: Apps that are built into the iPhone cannot be uninstalled.
Unauthorized permission
Sometimes apps are a bit greedy, so we need to step in. One question you can ask yourself about any app is this: Does it really need access to that information? For example, the weather or gaming app can access your contacts, your social media app can access your location, your video app can access your microphone, or your transport app can access your camera.
You can turn off any permissions that your app doesn’t need to work. Note: You can easily change the permissions for your apps later, if you find that you’ve turned off too many.
On iPhone, you can selectively limit permissions in Privacy. In new versions of Android, you can go to Settings → Apps, and set permissions for each app individually.
You may be surprised to notice how many unnecessary permissions your apps have.
REPLACE WITH PRIVATE APPS
Cleaning up your apps makes a big difference in how many businesses have access to your data.
But now back to the question: “Are there better alternatives?” For many apps, there are others that perform similar functions, but don’t make money from your data.
You can find recommendations in the Alternative Apps Center.
If you feel it’s overwhelming to replace the tools you use, just start with one or two. To get started, look at your browser: can you replace it with Firefox or some other more private service?
REVITALIZE AND RENEW
Application cleanups are not just a one-time action. Make a habit of it and from time to time check your collection of applications. You can also check app permissions every time you install a new app, to make sure it’s not collecting more than you think or agreed to.
Excellent job! With a little regular maintenance, you’ll feel much more in control of your app ecosystem.
At SOS Support we can help you get a stronger password. Contact us!