Happy World Password Day from Direct iT!

Happy World Password Day from Direct iT! Here are a few helpful tips to make sure you aren't leaving the door wide open for hackers to gain access to your accounts.

What NOT TO DO:

  1. Use the same password everywhere: This is critical to understand: if you use the same password for everything and one account gets compromised in a hack, your entire digital footprint and identity becomes compromised. It is especially important to run phishing simulators for your entire staff to make sure they can identify false e-mails.
  2. Share your password with other people: It is not the best idea to give your friend Susan the password to your Netflix account if it’s also the login for your bank or professional accounts. It is especially dangerous to send these passwords to your friends accounts, which for all you know could have the easiest passwords to break.
  3. QWERTY Is a terrible password: Also it was the third most popular password last year, according to the UK’s National Cyber Security Center. Other popular passwords include 1q2w3e4r5t, admin, starwars, and the ever-popular 123456. It’s best to avoid these or any combination of them.
  4. Use information like street address, Mother’s maiden name, or local sports team: Hackers likely already have this information. Data from social media profiles lets them know who you’re connected to, what teams you follow, or what movies you like.

What TO DO:

  1. Longer passwords are harder to crack: While some people may purport that eight characters is enough, in actuality the strongest passwords are anywhere from 20 characters to 64.
  2. Routinely change your password: One of the best ways to make sure that your credentials aren’t compromised is to switch your passwords every few weeks. This way, if a password does get out, you’ll likely have changed it by the time it appears on a list.
  3. Use Two-Factor Authentication (2FA): 2FA gives you the power to accept or deny any login attempts. If someone logs into one of your accounts, your phone will be sent a message with an additional code. If it’s you, just put in the code. If it’s not, well, then whoever it is is at a dead end.