As the president and CEO of an information technology services company, I’ve seen firsthand the importance of protecting yourself and your business from hackers. One of the first steps you can take to ensure you’re protected is to create strong passwords.
But instead of offering common how-to suggestions, I’m going to throw out a few pieces of advice on what not to do. I hope this tongue-in-cheek approach will show you how taking a few simple steps can help you protect your most important cyber assets: your passwords.
With that said, here are five surefire ways to get your passwords hijacked and what to do instead:
1. Use the most obvious people, numbers and events in your password.
You might be thinking, “Why should I make my passwords so difficult to remember?” After all, you have dozens of them to keep track of, and you’re busy and don’t have time to think of something clever and complicated for each one of them. Birthdays, anniversaries and Social Security numbers are easy choices, right? Wrong.
The truth: If it’s easy for you to create and remember, it’ll be easy for cybercriminals to break. Go for longer passwords — a 12-character password is a lot harder to hack than a six-letter password. Also use a combination of letters, numbers and special characters. For the little time it takes to be a bit creative, you can save yourself a world of trouble.
2. Use the same password for all of your accounts.
It’s incredibly frustrating to forget your password and be locked out of your account. Isn’t it just easier to come up with a good password, like your child’s birthday or your wedding anniversary, and use it across all your accounts? What’s the worst that can happen?
The truth: Imagine the number of accounts you have that require passwords. If you use the same password for all your accounts, just one of them has to be hacked to leave you vulnerable across the board. If your Amazon or Netflix account is compromised, for example, you want to make sure that your bank account and health records are still safe.
3. Keep your passwords on a sticky note on your computer or in a desktop file.
It’s a lot easier to put all your passwords right where you can access them, either physically near your computer or in an easy-to-find folder on your desktop. Simple. Easy. Organized.
The truth: Repeating our previous mantra, if your passwords are easy for you to access, they’re easy for others to find as well. You wouldn’t leave your purse or wallet lying around for anyone to get to, would you? Instead, consider using a password manager. There are several options on the market that are easy to use, inexpensive and highly reliable, such as LastPass, which keeps your passwords highly secure and gives you control and privacy.
4. Don’t waste time with two-factor authentication.
Why waste the time having to enter yet another passcode every time you sign in to an account? If you have a long, complicated password, isn’t that enough?
The truth: For particularly sensitive information, you should consider two-factor authentication. It adds an additional layer of security by providing a randomly generated passcode that is typically texted or emailed to you. It is well worth the time to punch in a few more digits if it means keeping your most sensitive data safe.
5. Avoid creating a corporate password protection policy.
For many leaders, there might be one thing that’s worse than coming up with creative passwords and updating them regularly: writing a corporate password protection policy that they believe no one will comply with or care about.
The truth: A companywide set of principles and procedures on password importance and pragmatics tells everyone on your team that you mean business, you’re going to expect and deliver compliance, and you’re going to do what it takes to make sure your data is as safe and secure as you can make it. Start by insisting that all corporate passwords are a certain length and that they are different from any passwords your employees use for personal accounts.
The real shame in the password-protecting game is that it doesn’t take much more time, effort or resources to protect your most valuable asset: your data and that of your clients. And the consequences of a data breach are as devastating in cost, clean-up and reputation as ever.
Don’t be lazy, loose and lethargic — cybercriminals are counting on it. Spend time creating good passwords, and change them regularly. Keep them secure, using a third-party program if necessary, and make sure everyone on your team knows what’s expected and why.