Over the past few years, you might have come across the "swiss cheese" analogy in relation to layers of protection in the context of public health. For example, using masks is one layer of protection, maintaining physical distance in public areas is another, air ventilation is yet another, etc. The idea is that all these measures stack up to offer robust protection against infection.
The same analogy can be used in cybersecurity terms as well. Passwords are super important when it comes to online security, but just having one isn't enough. Layering in additional measures to increase password strength and security as well as extra authentication factors will increase the overall safety of your data. Even if each element of security has a certain associated vulnerability or risk, stacking them one on top of the other will reinforce protection and keep your data secure.
To celebrate World Password Day, we've prepared a list of our top tips and measures that will help you maintain your accounts' security at maximum level. In this post, we're covering how to:
1. Use really strong passwords
2. Change your passwords regularly
3. Check if your data has been compromised
4. Turn on 2-factor authentication
5. Use a password manager
Read on for more details on how to keep your passwords strong and your data secure!
Use really strong passwords
The general rule when it comes to password strength is simple - longer, more complex, and unexpected passwords are safer. Each additional element or layer increases security and makes the password harder to crack.
So, what does this rule mean, in practice? Well, password length speaks for itself. Each additional character increases the number of tries a computer needs to make to guess your password. More characters means more possible combinations.
When we say complexity, we mean the range of different characters. Including letters in different cases as well as numbers and symbols means that, again, the number of possible combinations increases.
What about expectations? The software trying to crack the password isn't naive: it's armed with wordlists of dictionary words and real leaked passwords, plus rules that apply the tricks people use to make passwords look "stronger" yet stay memorable, such as swapping similar-looking numbers for letters or tacking a digit and a symbol on the end.
Let's look at some good ways to come up with a strong, unique password that you can also memorize easily!
(1) Three Random Words rule
A good way to start is by picking three random, unrelated words and stringing them together. Using unrelated words makes it harder for the computer to guess, since it will try to use words and phrases that actually make sense.
For example: concise + banana + heir -> concisebananaheir
Even as is, this password is long (17 characters), so guessing it character by character is hopeless, and it's memorable because of the unique word combination.
However, an attacker who suspects you used whole words doesn't guess character by character: cracking tools can string dictionary entries together (a 'dictionary attack' in combination form), so three common words are far weaker against that kind of attack than the length alone suggests. We'll need to make it stronger.
(2) Use numbers and special characters unexpectedly
To improve the password even further, you can mix in some upper case characters, numbers, and symbols. Try not to use them in an obvious way, like substituting the number 4 for the letter A or using special characters to split two words.
For example: conCi6ebaN.anaheir
Now the password is even more complex and harder to crack.
(3) Memorable misspellings
Here's another trick you can use: misspell the words used in your password. That's another way of combating the dictionary attack, since the misspelled words are no longer in the attacker's wordlist, while retaining the easy memorability of your password.
For example: konsise + bunana + heyr -> konsisebunanaheyr
Add some character variation: konSi6ebuN.anaheyr
According to Security.org's strength checker, a computer brute-forcing this password would need about 17 quadrillion years to succeed. Take that figure as an upper bound: online estimators assume the attacker tries every character combination rather than guessing word by word, and no estimate helps if the password itself leaks from a breached site. Still, an 18-character password built from misspelled words with unexpected substitutions is well out of reach of wordlist attacks, and that's the point.
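To put numbers on the difference between those two ways of guessing, here is a small Python example added for this post (it is not code from the original article, from Security.org or from Koofr). It generates a passphrase the way the Three Random Words rule suggests and compares the entropy an attacker faces if they brute-force the characters with the entropy they face if they know the words came from a published list. The eight-word list, the 7776-word list size (the size of the EFF long wordlist) and the guess rate of ten billion per second are assumptions for illustration.

```python
import math
import secrets

# Constructed mini wordlist used only so the example runs offline. A real
# passphrase should be drawn from a large published list (the EFF long list
# has 7776 words); only the list size enters the entropy maths below.
WORDLIST = ["concise", "banana", "heir", "lantern", "orbit",
            "velvet", "quartz", "meadow"]

# Assumed attacker speed: offline guessing against a fast hash (illustrative).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase(words: int, wordlist=WORDLIST) -> str:
    """Join `words` entries chosen with a CSPRNG (secrets, never random.choice)."""
    return "".join(secrets.choice(wordlist) for _ in range(words))


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """Bits an attacker faces if they brute-force every character position."""
    return length * math.log2(charset_size)


def wordlist_entropy_bits(words: int, list_size: int) -> float:
    """Bits an attacker faces if they know it is `words` entries from a list."""
    return words * math.log2(list_size)


def years_to_crack(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected time: on average half the keyspace must be tried."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def compare(password: str, words: int, list_size: int, charset_size: int = 26) -> dict:
    """Both views of the same password, so the gap between them is visible."""
    brute = charset_entropy_bits(len(password), charset_size)
    listed = wordlist_entropy_bits(words, list_size)
    return {
        "brute_force_bits": round(brute, 1),
        "brute_force_years": years_to_crack(brute),
        "wordlist_bits": round(listed, 1),
        "wordlist_years": years_to_crack(listed),
    }


if __name__ == "__main__":
    print("generated passphrase:", passphrase(3))
    # The 17-character example from the text, seen as 17 lowercase letters
    # versus as 3 words from a 7776-word list.
    for name, value in compare("concisebananaheir", words=3, list_size=7776).items():
        print(f"{name}: {value:.3g}")
```

With these assumptions the brute-force view gives about 80 bits (over a million years), while the wordlist view gives under 39 bits (well under a minute). That gap is why "years to crack" estimators should be read as an upper bound, why the misspellings in step (3) matter (they push the words out of the attacker's list), and why a fourth or fifth word from a large list is the cleanest way to add real strength: each word from a 7776-word list adds about 13 bits.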
More tips on crafting strong passwords from our blog:
Strong passwords and how to remember them
9 ways to make your passwords less bad
Change your passwords regularly
While strong passwords go a long way toward keeping your online accounts secure, they can still be stolen: by a breach of a site that stored them badly, by phishing, or by malware like keyloggers on your own device. Changing a password limits how long a stolen copy stays useful, so it reduces the damage from a breach you haven't heard about yet. It does not help against a keylogger that is still running on your device, since it will capture the new password too; for that you need to clean up the device first.
A common rule of thumb is to change your passwords every 3 months. This might be a bit tedious to do for every single one of your accounts, especially if you have many of them. You should at least do this for the most important or sensitive accounts, such as Facebook, email, or banking and payment accounts. For others, a longer period, like 6 months or one year, might be good enough. Note that current guidance, such as NIST SP 800-63B, favors changing passwords when there is evidence of compromise rather than on a fixed schedule, because forced rotation tempts people into predictable variations. Whichever rhythm you pick, make each new password unrelated to the old one, and change a password immediately whenever you learn it may have been exposed.
Some websites, particularly those offering financial services, might actually require you to periodically change your password in their Terms of Service. In case of breach and financial loss, they might look at whether you've been compliant with these security requirements when deciding on whether or not to reimburse you. It's an immensely good idea to give them as little space as possible to blame you, the user, for a breach that was likely caused by their own vulnerabilities.
To make sure you don't forget to change your passwords, set a reminder in your preferred calendar app to do this. Make sure you update your password manager, too!
Check if your data has been compromised
Changing your passwords regularly limits the damage, but it can't prevent a breach itself: if a service you use is compromised, your credentials can leak no matter how carefully you chose them. Breaches of this kind happen regularly, and the attackers' methods keep improving.
If that happens, you'll probably want to know about it! The good news is that there are ways for you to check if your data was involved in a breach. Haveibeenpwned.com is a great tool that scans data dumps from known breaches to see if your email is among those that were exposed.
Check whether your data has been compromised in a data breach: Have I Been Pwned
To keep on top of possible breaches, we recommend subscribing with your email address(es) and Haveibeenpwned.com will notify you whenever it's detected in a breach.
Firefox Monitor is a similar tool that allows checking for and being notified about breaches where your email was compromised.
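For readers who want to check a password rather than an email address, Have I Been Pwned also offers a Pwned Passwords range API that uses k-anonymity: your client sends only the first five hex characters of the password's SHA-1 hash and gets back every known hash suffix in that range, so the password itself never leaves your machine. The Python below is an added example written for this post, not code from Have I Been Pwned or Koofr. The response body it parses is constructed for the example (the breach count in it is invented), and the only network call is in fetch_range, which the demonstration does not make.

```python
import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the Pwned Passwords API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple:
    """5-char prefix that goes over the wire, 35-char suffix that stays local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """The URL actually requested: only the prefix appears in it."""
    return RANGE_API + split_hash(password)[0]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into a dict; padding entries carry count 0."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup (not called in this demo). The Add-Padding header asks the
    API to pad the response so its size does not reveal which prefix was asked for."""
    req = urllib.request.Request(
        RANGE_API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in known breaches (0 = not found).
    The suffix comparison happens locally, against the whole returned range."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


# Constructed stand-in for the API response for prefix 5BAA6, the prefix of
# SHA-1("password"). The suffixes and counts here are made up for the example.
SAMPLE_RANGE_BODY = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
2A1E9A4A6D6C3BB6C8E0B5E0F9A1C2D3E4F:0
"""


def sample_fetch(prefix: str) -> str:
    """Offline replacement for fetch_range so the demo runs without network."""
    return SAMPLE_RANGE_BODY if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "concisebananaheir"):
        print(pw, "->", range_url(pw), "count:", breach_count(pw, fetch=sample_fetch))
```

To check a real password, pass the default fetch (breach_count(pw)) instead of sample_fetch. A non-zero count means the password is in attackers' wordlists already and should be retired everywhere it is used, regardless of how strong it looks.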
Turn on 2-factor authentication
We've stressed this point before, and we'll do it again - do yourself a favor and turn on 2FA!
Introducing an additional factor (a one-time password or OTP, in this case) that is required at authentication makes it that much harder for culprits to break into your account. Even if they managed to crack or steal your password somehow, they'd also need access to your device, or more precisely to the OTP secret stored on it. Prefer an authenticator app (or a hardware security key) over codes sent by SMS, which can be intercepted through SIM-swap attacks, and bear in mind that a phishing page can still ask you for the current code and relay it straight away, so keep checking the site address before you type one in. Store the backup codes the service gives you somewhere safe, so a lost phone doesn't lock you out.
You can usually find the 2-factor authentication option under Settings, Security, or a similar section of the app or website you'd like to protect. In Koofr, you can turn on 2FA by opening the drop-down Account Menu, selecting Preferences, then going to 2-Factor Verification in the left sidebar menu.
A variety of OTP mobile apps is available, so you can choose whichever one you feel comfortable with. Google Authenticator or Authy are a good start. If you're looking for an open-source OTP app, have a look at Aegis or andOTP for Android, or FreeOTP, which is available for both Android and iOS. All of them implement the same standard (TOTP), so a secret set up in one works in any other.
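To show what the "device" actually holds, here is the time-based one-time password algorithm (TOTP, RFC 6238, built on HOTP from RFC 4226) that these authenticator apps implement, as an added Python example written for this post rather than code from any of those apps or from Koofr. The base32 string JBSWY3DPEHPK3PXP is a conventional example secret and not a real one, and the one-period tolerance window is an assumed value.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second periods since epoch."""
    return hotp(key, at // step, digits, algo)


def decode_secret(base32_secret: str) -> bytes:
    """Turn the base32 string from the QR code / 'manual entry' box into raw key bytes."""
    cleaned = base32_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore the padding apps usually strip
    return base64.b32decode(cleaned)


def verify_totp(key: bytes, code: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept the current period plus `window` periods either
    side to tolerate clock drift, comparing in constant time."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(key, at + drift * step, step, digits), code):
            return True
    return False


if __name__ == "__main__":
    key = decode_secret("JBSWY3DPEHPK3PXP")  # example secret, not a real one
    now = int(time.time())
    code = totp(key, now)
    print("current code:", code, "accepted:", verify_totp(key, code, now))
    # Anyone holding the same secret bytes produces the same code: the secret,
    # not the phone, is the second factor, which is why the QR code you scan
    # at setup (and any backup of it) must be treated like a password.
```

The code changes every 30 seconds, but it is computed deterministically from the shared secret and the clock, which is exactly why a phishing site that relays the code within the same period still gets in; the secret being on your phone protects you only as long as nobody can get you to type the current code into the wrong place.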
Use a password manager
By now, you probably know that you should always use unique passwords, right? Using the same password for several accounts makes them all vulnerable. If one of them is breached, the perpetrator can take the leaked email and password pair and try it on other services, an automated attack known as credential stuffing.
The same goes for reusing old passwords from other services. Just don't do it. Using unique passwords is basic digital hygiene.
But with so many different passwords, it can get tough to keep track of all of them. Writing them down on a piece of paper is risky and impractical, and plain-text notes on your computer are even worse.
A password manager is an application that stores your credentials in an encrypted database and lets you access and use them as needed. Instead of all the different passwords, you just need to memorize a master password for the manager app, so that one password deserves the most care: make it a long passphrase you use nowhere else, and turn on 2FA for the manager if it offers it. Many password manager apps also offer autofill features that streamline everything.
The good news is that there are paid, premium services available as well as free and open-source tools. Many of them let you use cloud storage like Koofr for backup or syncing across devices.
We have tested out these free password managers that can be connected to your Koofr:
Backup your Enpass password database to Koofr
Save your Keepass2Android password database to Koofr with WebDAV
Migrating from LastPass to KeePassXC
We hope these tips will help you keep your passwords strong and secure! We'd love to hear from you - why not join our Reddit community and talk to us?