If you haven't heard this from me already, October is Cybersecurity Awareness Month. This October, I'm publishing 12 tips throughout the month to help you stay secure online. This week's tips are focused on helping you protect your devices and accounts.
There are so many ways your computers and phones are put at risk each day, so it's important to protect them with defenses just like you protect your home with a lock and key. Passwords are one of the primary defenses on your accounts, making good password hygiene imperative to staying safe online. This week's tips are focused on these two areas, so by the end of this article, you should be fully equipped with the information you need to implement better security on your devices and help you kick weak password habits to the curb.
Tip #1: Use antivirus software on all devices and update it frequently
I'm sure you've heard this one before, but many people discount the importance of installing a good antivirus (AV) program on their devices and making sure it stays up to date. I should also emphasize that when I say all devices, I mean all devices. Yes, that means your tablets and smartphones too!
Contrary to popular belief, malware can infect Android and iOS platforms too, not just Windows devices. Companies like McAfee, Norton, and Kaspersky are all antivirus vendors that offer AV for both PCs and smartphones. This is an important protection to have due to the large number of viruses and spyware that traverse the internet.
Even if you're a careful internet browser and never fall for phishing scams, you're always one click away from navigating to a site that's infected with spyware or malware. This leaves you paranoid and unsure of what to do next. Leveraging AV for smartphones is your best option to avoid situations like that.
Second, it's important to keep your AV product up to date on all your devices. If there's an auto-update setting (which there should be), turn it on. I can't stress enough how important it is to keep your antivirus up to date. Think of it like your phone: when updates are released, you may wait a few days or a week before you install the latest update, but you want those new features so you get it done.
Antivirus updates include the latest detection mechanisms and malware signatures to ensure your AV installation can recognize the newest threats that are out there. Failing to keep your AV up to date is like thinking last year's flu shot is going to prevent you from getting the flu this year. Last year's flu shot won't do much for you, and neither will an outdated antivirus engine.
Tip #2: Never save passwords in your browser
Along with protecting your devices, you need to protect your accounts. While passwords are what do the protecting, they don't do much when they fall into the wrong hands. The best protection mechanisms come from us: how we store and handle our passwords. You can use the strongest passwords in the world, but if you're careless with managing them, you're at the same level as the person who uses the password "c@nt4ackm3!".
One of the biggest mistakes people make is clicking the "Save" button on the Save password pop-up we all get when we log into an account. While this might seem like a good idea and make logging into your accounts much more convenient, it's not a secure practice. The reason is that your browser can easily be infected with spyware or other types of malware.
Spyware is a type of malicious software that may not seem as bad as traditional malware but can be just as dangerous. Its purpose is to gather any information it can from your computer like your browsing activity, the information you enter on websites, and usernames and passwords.
Do you know where I'm going with this?
Spyware can steal the passwords that are saved on your device, which includes the ones that are stored in your browser. Spyware is one of the most common types of malware used to steal passwords due to this use case. Attackers know that people store passwords in their browsers because it’s so convenient, so it’s no surprise that they exploit this weakness.
So while storing passwords in your browser makes it easier to log in to your accounts and prevents you from having to remember passwords, it’s not worth the risk that comes with it. There are also other ways to manage your passwords that are much safer, which we’ll get into in next week’s article.
Long story short? Always click “Never” when prompted to save your password in your browser.
Tip #3: Use a password generator to create random, lengthy passwords
I’m sure you’ve heard this one before and I’m sure you either ignore the advice because it’s too much of a pain, or you create what you think are strong passwords based on dated guidance.
The days of eight-character passwords with numbers and a special character being considered strong are over. It’s no longer enough to set passwords like “a!rpl@n3” or “iLoveC0ff33!”. While these would meet most complexity requirements, they contain predictable special characters and dictionary words, making them very easy to either guess or brute-force with a password cracking application.
I know that, like me, many of you learn best with visuals, so below is one of the most helpful charts for showing just how important it is to create long passwords.
As you can see, even if you just use lowercase letters, but make your password 13 characters long, it will take an entire year for a password cracking application to crack your password. That is, as long as the password is a random string and not an easily guessable dictionary word.
As we look further to the right, we see the time to crack increases based on the number of characters. If we were to create a 10 character password with upper and lowercase letters, numbers, and symbols, it would take five years to crack. And if you want to be really secure, just set a 15+ character password that would be irrelevant by the time it’s cracked.
The key to fully understanding this chart is to remember this only really applies to randomly generated passwords. While the cracking time is the same regardless, non-random passwords can be cracked other ways using what are called password lists, or lists of known passwords. These are passwords that have been previously cracked or breached in a cyberattack.
Additionally, if your password contains guessable words or characters, it’s weak regardless of how long or complex it is, which is why randomness and length are what make passwords strong. One without the other means you’ve got a short, complex password that can be cracked in seconds or minutes, or a long, easily guessed password that will usually be cracked in under a day.
Now, I know this can be challenging at first, so here are a few tips to help you get started:
There are plenty of password generators online — use them!
Using short phrases can make your passwords easier to remember.
Come up with acronyms for your randomly generated passwords to help you remember them. Some password generators even do that for you!
Below are some examples of password/passphrase generators to take the stress out of creating the perfect password.
As you can see, you have the option to customize the types of characters used in the password, and this particular site gives you a helpful way to remember it as well.
In the following three examples, I used a passphrase generator to come up with a randomly generated sentence. This site also had the option to customize the separators, making the already strong password even stronger.
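What such generators do under the hood, as an added example that is not from the original article or from any of the sites it mentions: random passwords and passphrases drawn from a cryptographically secure source, plus a helper that puts a number on why length outweighs complexity. The symbol set, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a generator typically lets you switch on or off.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}

# Constructed sample list; real passphrase generators draw from thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "copper", "dolphin", "ember", "fjord",
                "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pepper"]


def alphabet(classes):
    """Concatenate the selected character classes into one pool."""
    return "".join(CLASSES[name] for name in classes)


def generate_password(length=16, classes=("lower", "upper", "digits", "symbols")):
    """Random password with at least one character from every selected class."""
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    pool = alphabet(classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not built for secrets.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        # Retrying whole candidates keeps every valid password equally likely.
        if all(any(ch in CLASSES[name] for ch in candidate) for name in classes):
            return candidate


def generate_passphrase(words=5, separator="-", wordlist=SAMPLE_WORDS):
    """Randomly chosen words joined by a customizable separator."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is drawn uniformly from pool_size options."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(), generate_passphrase())
    # Length outweighs complexity: 13 lowercase letters vs. 8 mixed characters.
    print(entropy_bits(26, 13), entropy_bits(len(alphabet(CLASSES)), 8))
```

Thirteen random lowercase letters come to about 61 bits, while eight characters from the full 85-character pool come to about 51, so the longer, simpler password is the harder one to brute-force. The 16-word sample list gives only 4 bits per word, which is why a real passphrase needs a much larger word list.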
Now I know it’s not easy. Believe it or not, I was once in your shoes. Prior to a career in IT, I was using weak passwords left and right. It wasn’t until about four years ago that I started using less weak passwords, and it’s been a little over two years since I switched to completely random, long passwords. It’s definitely an adjustment, but I can assure you it’s worthwhile.
Here are three tips that will help you secure your devices and accounts:
Use antivirus software on all your devices (including iOS and Android) and keep it up to date.
Never save your passwords in your browser.
Use a password generator to create random and long passwords.
Check back next week for tips to help you better manage your passwords and protect sensitive information.