Best Practices for Password Security

Chad Bennett

October 8, 2020

Passwords are your first line of defense in protecting your private data: compromised credentials are responsible for 81% of hacking-related breaches. A secure password is the difference between being hacked in seconds or not at all. Hackers are increasingly finding creative ways to compromise your online accounts and target everyone, using automation for most of their attacks. With large data breaches being announced every week and personally identifiable data being sold and distributed on the dark web, it is vital to secure your front door – your password.

Personal Information: Never use personal information in your password. This means pet names, family, friends, places, events, and more. Targeted attackers can easily find this personal information through social media and will most likely attempt using your personal information first to steal your password.

Password Length: The bare minimum character length of a password should be 8 characters. Remember, the longer the password the better. We recommend using 15 – 20 character passwords.

Password Complexity: Use a combination of uppercase letters, lowercase letters, numbers, and symbols such as 7i^Xt!8j%k0Bf#1. Avoid using sequential numbers like 1234, alphabetical order letters such as abcd, and even adjacent keyboard letters such as zxcvb or qwerty.

Password Reuse: Many people use the same password for most or all of their accounts. This is a huge security risk and must be avoided. Password reuse includes using similar passwords such as Cloud1 and Cloud2. To avoid being hacked, use a different and complex password for each account.
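The rules above on personal information, length, complexity and reuse can be checked mechanically. The following is an added example, not code from HEROIC; the four-character run threshold, the letters-only similarity test and all function names are assumptions made for illustration.

```python
import re

# Ordered alphabets and keyboard rows, to spot runs like 1234, abcd, qwerty, zxcvb.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
MIN_LENGTH = 8           # the article's bare minimum
RECOMMENDED_LENGTH = 15  # low end of the recommended 15-20 range
RUN = 4                  # assumption: a run of 4+ characters counts as a sequence


def find_runs(password, run=RUN):
    """Return the runs in `password` that follow a sequence, forwards or backwards."""
    lowered = password.lower()
    hits = set()
    for seq in SEQUENCES:
        for ordered in (seq, seq[::-1]):
            for i in range(len(ordered) - run + 1):
                if ordered[i:i + run] in lowered:
                    hits.add(ordered[i:i + run])
    return sorted(hits)


def normalize(password):
    """Keep letters only, lowercased, so Cloud1 and Cloud2 compare equal."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_password(candidate, existing=(), personal=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("shorter than 8 characters")
    elif len(candidate) < RECOMMENDED_LENGTH:
        findings.append("shorter than the recommended 15 characters")
    findings += [f"no {name}" for name, pattern in CLASSES.items()
                 if not re.search(pattern, candidate)]
    findings += [f"sequential or keyboard run: {r}" for r in find_runs(candidate)]
    findings += [f"contains personal information: {word}" for word in personal
                 if word and word.lower() in candidate.lower()]
    base = normalize(candidate)
    if any(candidate == old or (base and base == normalize(old)) for old in existing):
        findings.append("reuses or closely resembles an existing password")
    return findings
```

Passing these checks does not make a password strong on its own; a randomly generated password from a password manager remains the safer choice.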

Password Managers: A password manager is a secure digital vault that allows you to store the login information you use to access apps and online accounts. In addition to keeping your credentials and sensitive data safe, the best password managers have a password generator to quickly create strong, unique passwords and ensure you aren’t using the same password in multiple places. With all the recent news of security breaches and identity theft, having a unique password for each location is essential to ensuring that if a site you use gets hacked, your stolen password can’t be used on other sites. Most password manager services provide a free personal account, including the two services we recommend: LastPass.com and 1Password.com.

Two-Factor Authentication (2FA or MFA): Two-Factor Authentication, also known as Multi-Factor Authentication, is an extra layer of security that requires you to provide a second piece of information, such as a verification code, before you can log in. If possible, avoid using 2FA via text messaging, since hackers can easily intercept SMS messages. Many authenticator apps are much safer, such as LastPass Authenticator, Google Authenticator, and Microsoft Authenticator.

Security Questions: Security questions were designed to serve as an authentication function, but they can be the exact opposite and a hacker’s dream. Security questions can be extremely easy to crack, because the answers can be found on social media and all over the internet. For example, the answer to a security question such as “Your brother’s middle name” can easily be found by motivated attackers. If you are required to fill in security questions, avoid using easily found information. We recommend creating random answers to your security questions and saving them in your preferred password manager.

Bottom line

Your passwords should be impossible to remember and nearly impossible to crack. The best way to do this is by creating a long, randomly generated password using a password manager along with utilizing two-factor authentication. When you use a password manager such as LastPass or 1Password, you will only ever have to remember one password. Hackers are motivated by many different reasons and when it comes to your passwords, you must be proactive to secure your information.

Being proactive includes finding out if you have already been compromised. An average of 95 passwords are stolen each second. HEROIC offers a free and easy way to check your email accounts. Our data breach scan is 100% private and secure. Protect your identity, contact HEROIC.com today!
