The average person maintains 100 password-protected account logins, according to 2020 research conducted by NordPass.
I personally have 75 logins saved to my password manager, and that’s after going on an intense digital account pruning campaign a few months back.
With this rise in account logins, it has become increasingly important to implement strong password management and security strategies.
Around 6 months ago, I went deep down the password security rabbit hole to devise a robust strategy for managing and securing my passwords. I feel much more peace of mind these days having implemented a solid process, and managing my accounts has become a breeze.
Revamping your password security requires some considerable upfront work, but it is more than worth the effort, and I am here to help.
Here are 5 password management and strengthening tactics that can be implemented across households and organizations alike.
Two-factor authentication is a security process in which users provide two different authentication factors to verify themselves.
Enabling two-factor authentication is one of the lowest-hanging fruits for improving account security.
Many digital services and businesses enable two-factor authentication by default these days. Other services leave it as an option to be enabled, and some don’t offer it as an option at all.
I would recommend switching on two-factor authentication across as many of your accounts as possible. It is a quick and simple way to add an extra layer of security to your data, regardless of your password strength.
Two-factor authentication slightly decreases convenience, but greatly increases security – a very worthy trade-off in my opinion.
A password manager is a software application designed to store and manage online credentials.
Utilizing a password manager is a great way to boost both convenience and security for your online accounts.
With a password manager, you only need to remember one password: your master key. This is a single password that grants you access to all of your stored account information.
Industry-leading password managers like my personal favorite, Bitwarden, use military-grade encryption in their products. Your passwords and sensitive data are strongly encrypted before they are sent to and stored on any servers.
Password managers are not without risk, but they are a great step towards securing your most sensitive data and establishing a sustainable account management process.
A survey of 1,761 people conducted by the Ponemon Institute revealed that 51% of respondents reuse passwords across their digital accounts.
Surprisingly, all of these survey participants were IT industry professionals. This leads me to believe the percentage of the general population who reuse passwords is likely much higher.
Making sure to use 100% unique passwords across all of your accounts is a crucial tactic for securing your sensitive data.
At this stage of the digital age, we have all likely been recipients of the tail-between-the-legs mass email from a company indicating that our account credentials have been compromised in a data breach.
Using unique passwords will ensure that hackers can’t easily hop from one of your accounts to another once they have one of your login credentials in hand.
In addition to being unique, passwords should be as strong and complex as possible. To take the guesswork out of the equation, I use Password Wolf, a random password generator created by Jack Rhysider.
In the world of application security, a password pepper is a secret value added to a password before hashing.
Password peppering is a technique to add an additional layer of user security by incorporating these secret values into the password workflow without storing the value of these peppers in any database.
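The application-side technique described above, as an added example that is not part of the original article: the pepper is mixed into the password with HMAC-SHA256 (one common way to apply it) before a salted scrypt hash, and the stored record holds only the salt and hash. The names `PEPPER`, `hash_password`, `verify_password` and `demo`, and the sample passwords, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a real deployment loads the pepper from a secrets manager or HSM,
# never from the database. This value is constructed for the demo.
PEPPER = b"constructed-demo-pepper-not-for-production"

# scrypt cost parameters (about 16 MiB of memory per hash)
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def _peppered(password: str, pepper: bytes) -> bytes:
    # Key an HMAC with the pepper instead of concatenating strings, so the
    # pepper/password boundary is unambiguous.
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER) -> dict:
    # The per-user salt is stored next to the hash; the pepper is not.
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(_peppered(password, pepper), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.scrypt(_peppered(password, pepper), salt=salt, **SCRYPT_PARAMS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample password
    record = hash_password(password)           # what the database would hold
    return {
        "record_fields": sorted(record),
        "right_pepper": verify_password(password, record),
        # Someone holding only the database record lacks the pepper:
        "wrong_pepper": verify_password(password, record, pepper=b"guess"),
        "wrong_password": verify_password("Tr0ub4dor&3", record),
    }


if __name__ == "__main__":
    print(demo())
```

Because the pepper never appears in the stored record, a leaked database alone is not enough to test password guesses against the hashes.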
This technique can be applied in a simple fashion to your own individual password security process.
I use a manual password pepper workflow for my most sensitive online accounts: primarily financial and banking logins. The process is very simple:
I already have a unique, strong and complex password for each of my financial and banking accounts, which are stored within my secure Bitwarden password manager.
For all of these financial logins, I have added the same 3-digit string to the end of each password. The full password with the 3-digit “pepper” is saved as my official credentials with each respective financial institution, but the pepper portion is excluded from my password manager.
When I log in to a financial account, I can simply fill in the username and password from my password manager, then manually add my secret 3-digit pepper to the end of the password to gain access.
This password pepper strategy adds additional security and peace of mind to managing my most sensitive accounts. It is intended primarily as an answer to the question, “What if a worst case scenario played out, and all of my sensitive data was leaked from my password manager?”
When it comes to cybersecurity, you are only as strong as your weakest link.
You may personally have a solid password strategy in place, but it only takes one other member of your team or household with poor digital hygiene to bring down the whole ship.
Once you’ve established your own robust password process, turn your focus towards your colleagues and family members and help them do the same.
By securing ourselves and those around us at the grassroots level, we can work towards weaving cybersecurity best practices and continuous improvement into the cultural fabric of our households and organizations.
In our modern world filled with ever-growing digital logins and passwords, these tactics can help secure your most precious data from bad actors.
There are several more tactics that can be employed for password security, as well as deeper and more complex strategies within these 5 focus areas. Conducting your own research and staying on top of evolving best practices is important to maintain and improve your security posture.
Do you have any favorite password security tools or tactics, an interesting password story, or a comment on this article? Feel free to reach out via LinkedIn or email: firstname.lastname@example.org