1. Use Complex Passwords
The No. 1 way to increase password security is to use more complex passwords. This means making them longer, omitting common phrases and using more types of characters, including lowercase letters, capital letters, numerical digits and punctuation marks.
If we take this logic to its extreme conclusion, then we’ll realize that the most secure password is not one that’s thought up by a human at all, but one that’s been randomly generated. Web browsers like Chrome are able to randomly generate passwords for the user, and there are plenty of other applications for this purpose as well.
Using a randomly generated string of characters makes it effectively impossible for a hacker to guess the password or to obtain it through a brute force attack. The only downside is that it makes the password much harder to remember, so it will need to be written down or otherwise stored somewhere.
2. Two-factor Authentication
For sensitive data like banking accounts, you should always use a method of two-factor authentication. 2FA bars anyone from accessing the account until they can verify their identity as the rightful owner by responding to a text on their phone, an e-mail to your address, or by punching in a code on a dedicated 2FA app.
Two-factor authentication ups the security factor exponentially because even if a hacker had stolen that password, they would not be able to log in unless they had also compromised that second e-mail account or gained physical access to your smartphone.
It will naturally take more time for you to log in using 2FA, but the added security should be more than worth it to protect sensitive data.
3. Never Use the Same Password on Multiple Accounts
Apart from using common passwords, the worst possible security practice is to use the same password multiple times. The reasoning is simple: If a hacker obtains one of your passwords by purchasing it on a dark web market or another method, they can easily find and access other accounts that use that password through a method called credential stuffing.
In a credential stuffing attack, the hacker runs a script which takes the password and automatically copies it to hundreds of other web sites to try and gain access. These attacks have a very low rate of success but remain common because they are so easy to do.
If you use exactly one password for only one account online, then the odds of falling victim to one of these specific attacks are absolute zero.
4. Stay Organized With a Password Manager
If the most secure passwords are randomly generated, and we can’t use the same password across multiple accounts, then how are we supposed to actually remember all these passwords?
That’s where a password manager program comes in. It effectively takes memory out of the equation by locking all your complex passwords behind one master password.
Most popular web browsers today include built-in password managers which are very convenient because they tie every password to one account and can autofill your passwords on the fly. They can also migrate all your saved passwords to a new machine when you log onto the same browser account.
However, if online security is of the utmost importance to you, then you should shy away from using a password manager that has any online access. The most secure managers only save the passwords onto your local machine and not to any server. Dedicated password manager devices also exist which function a bit like calculators and have zero internet connection.
When using an encrypted password manager, it’s crucial to remember the master log in credentials, otherwise you could lose access to all the other passwords. It may be useful to write the main password down onto a piece of paper as a fallback. However, this paper should be stored somewhere away from the computer not easily discovered, and preferably accessed using a physical lock and key.
