Best practices for password policies

Did you know that every first Thursday of May is World Password Day? If not, then this is a good time to start thinking about your passwords and how to create and use them safely. With Covid-19, more people are working from home, which means they have to access servers and data at their office, all protected with logins and passwords.

If you use a password, make sure it is a long password
With every data breach, it’s painfully clear that weak passwords are still the number 1 cause. According to the UK’s National Cyber Security Centre (NCSC), the password “123456” was the most hacked password, occurring in more than 23 million records. This brings us to the underlying cause of data breaches, which is the use of common words or a single string of numbers that can be easily guessed.

Cybersecurity industry standards advise that a strong password consists of 32 or 64 random characters, to make it difficult for hackers to guess the password. In practice, using a longer, simpler password is more secure than a short, complex password, because the longer the password is, the more time and resources it will take to crack.
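The two points above (reject common words and digit strings, and prefer length over complexity) can be checked in a few lines. This is an added example, not code from the original article; the blocklist entries, the `min_length` value and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample blocklist; a real policy would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Number of symbols an exhaustive search must cover for this password."""
    size = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes are counted once each.
    size += len({c for c in password if not any(c in cls for cls in CHAR_CLASSES)})
    return size


def brute_force_bits(password):
    """log2(alphabet ** length): an upper bound that holds only for randomly
    chosen characters; dictionary words are guessed far faster than this."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def check_password(password, min_length=12):  # min_length is an assumed value
    """Return the reasons for rejection; an empty list means accepted."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    if password.isdigit():
        problems.append("a single string of numbers")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Tr0ub4d&", "correct horse battery staple"):
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, "
              f"problems: {check_password(candidate) or 'none'}")
```

An 8-character password using all four character classes comes out at roughly 53 bits of exhaustive-search work, while 25 lowercase letters come out at roughly 118 bits, which is why the blocklist check matters more than forcing symbols into short passwords.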

Use different passwords for different accounts
If a hacker breaches one account, nothing can stop them from using the same password to gain access to other accounts. This puts your valuable personal data (finances, calendar, etc.) at risk. You might even become the victim of identity theft.

Even if you use a strong password across multiple platforms, you create a single point of failure that can be used by bad actors to gain access to multiple applications.

Use a password manager
So you now know that a strong password is a long password and that you have to use a different password for different accounts. But how do you manage all these passwords? That’s where a password manager comes in. A password manager creates and stores all your passwords (and other things like credit cards, software licenses, social security numbers, etc.) in an encrypted file, protected with 1 master password. This saves you time and money, while maintaining strong password security. Popular password managers are 1Password, Dashlane, KeePassXC and LastPass.

Use multi-factor authentication whenever possible
Multi-factor authentication (MFA) means that you use a second or third form of verification. This can be done in different ways, for example with push notifications, one-time passwords (OTP) or a physical token. An example is 2FA from Apple: whenever you log in with your Apple ID, a push notification is sent to one of your other devices. By confirming the login is correct, the device generates a 6-digit code which you have to enter on the login screen. Another example is the