
Thycotic’s Cyber Security Publication

Change Your Password Day: How to break up with your password

Written by Jordan True

January 29th, 2019

Do you have that one great password that you love? It’s your go-to when creating a new account. You love it because it’s reliable and usually tied to a fond memory like the street you grew up on, or your childhood pet.

Problem is, your favorite password is putting you at risk

For many, that password is used repeatedly for all types of accounts like your corporate Salesforce login, your Facebook account or your bank. And for some, that beloved password may be older than your current relationship. The problem is, it’s putting you at risk of identity theft, ransomware, an online account hack, computer viruses and more.

Should you break up with your favorite password? (Scroll down to take the quiz)

This may be the hardest thing you do, but we guarantee that breaking up is much easier than having to deal with identity theft. Change Your Password Day is on Friday, February 1st and we’re asking you to break up with your favorite password. Yes—with Valentine’s Day just two weeks away! But don’t turn to a new favorite password. Instead, generate unique passphrases for every account. And make sure you only change your password in a secure environment, not on free public WiFi.

How to get over the breakup and move on to something better

Breakups are tough, but once you’ve replaced “old favorite” with a variety of new, strong passwords you’ll never look back. I promise. Good passwords require some creativity, so let’s look at the four top password best practices:

  1. It’s complicated. A good password is one that’s complex, yet something you can actually remember. Plus, it must be unique for every account. This may seem like a daunting task. So how do you do it? Get a password manager, and start using passphrases. What exactly is a passphrase? A passphrase is a combination of words strung together into a sentence, which gives you a long, complex password that is easy to memorize. Using a passphrase with a combination of complex characters such as $ymB0LS drastically increases your security and protection of personal data. It’ll take some time to upload your credentials into the password manager, but invest the time and use the password generator function to create complex, new passwords for your accounts. The passwords should be at least 16 characters long. As you update all your accounts with the new passwords, set up two-factor authentication on all supported accounts that protect sensitive information.
  2. It’s not for life. Don’t grow too attached to your new passwords—you’ll be breaking up frequently. So, how often should you change your password? Our Chief Cyber Security Scientist dives into the password rotation debate a bit more in this post but advises that it really comes down to what the password is protecting. If it’s your bank and personal financial info, we recommend using multi-factor authentication (MFA) and rotating the password somewhere between six and twelve months. For less sensitive accounts, you can go longer if MFA is being used. Really, it depends on how proactive you want to be with your security. Sometimes, changing your password can alert you to whether it was already compromised and being abused.
  3. Adopt long passphrases. Complexity is important but the size of your password matters more. Most sites and applications set a minimum requirement of 8 characters for your password. But how long should a password be? We recommend you use at least 16 characters for your password. Once you hit the 12 – 16 range, you make it WAY harder for a cyber criminal to brute force or guess your password. For example, myV@lentin3 does little for protection compared to eastsideapple%summer#mountainracer. As you are (hopefully) going to start using a password manager, you can set up password requirements to make every password generated by the tool the length you want. So why not make it the highest character count possible? Let the password manager do the work for you so you can spend more time doing what you enjoy.
  4. Don’t forget your anniversary. Yes, you still must remember that special day. Add a simple reminder or recurring alert on your calendar to change your passwords on a schedule, not just on Change Your Password Day. Even better, let your password manager help you, as most password managers will provide a report on password age and strength—so you have more time to have fun!
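Added example (not part of the original article and not Thycotic code): a Python sketch of points 1 and 3, comparing the two sample passwords from point 3 by brute-force search space and generating a random passphrase of at least 16 characters. The word list is a constructed 16-word sample and the function names are hypothetical; a real generator would draw from a list of several thousand words.

```python
import math
import secrets
import string

# Constructed 16-word list so the example runs offline; a real generator would
# use a list of several thousand words (assumption: e.g. a 7776-word diceware list).
WORDS = ["harbor", "velvet", "cactus", "orbit", "lantern", "pepper", "glacier",
         "mosaic", "thunder", "walnut", "ribbon", "saddle", "compass", "meadow",
         "anchor", "ginger"]
SEPARATORS = "%#!$&"  # no "_": the article warns it is a well-known word spacer


def brute_force_bits(password):
    """Upper bound on blind brute-force cost: length * log2(character pool used).

    Human-chosen passwords are weaker than this bound, because guessing
    tries dictionary words and common substitutions first.
    """
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0


def generated_bits(n_words, wordlist_size, n_separators=len(SEPARATORS)):
    """Real entropy of a randomly generated passphrase: only random choices count."""
    return n_words * math.log2(wordlist_size) + (n_words - 1) * math.log2(n_separators)


def generate_passphrase(n_words=4, min_len=16):
    """Pick words with a CSPRNG and keep adding words until min_len is reached."""
    parts = [secrets.choice(WORDS) for _ in range(n_words)]
    while True:
        phrase = parts[0]
        for word in parts[1:]:
            phrase += secrets.choice(SEPARATORS) + word
        if len(phrase) >= min_len:
            return phrase
        parts.append(secrets.choice(WORDS))


if __name__ == "__main__":
    for pw in ("myV@lentin3", "eastsideapple%summer#mountainracer"):
        print(f"{pw!r}: {len(pw)} chars, <= {brute_force_bits(pw):.1f} bits")
    print("generated:", generate_passphrase())
    print(f"4 words from 7776: {generated_bits(4, 7776):.1f} bits")
```

The 34-character sample scores higher than the 11-character one even though it uses fewer character classes, which is the length-over-complexity point of item 3.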

You’ll have to remember at least one long passphrase to log into your password manager, so here are a couple of good passphrase examples for reference:

Use uncommon words and phrases to craft a password that will give you a mental image so you can memorize it more easily.

HemingwayRaspBerrythyme$trong398!9

Why is this a strong password? We’ve chosen some bizarre words for one. Secondly, this password is 34 characters long. There is mention of one of my favorite authors and fruits for easier memorability. Be careful though, you won’t want to incorporate words or phrases that are commonly used in your security question answers. Your high school mascot just won’t cut it! It most likely has been leaked during a breach or easily found on your Facebook page. Trust us, cyber criminals are incredibly creative.

bErlin47zoDiazzzflame84!ChaLlenge2

Why is this a strong password? Again, completely uncommon words have been used to craft this passphrase. This time around, I’ve incorporated a better mix of letters (upper and lower case) and have added numbers as sentence spacers. Quick security tip: Never use _ as a word space as it is a common substitution well known to hackers.

Run5xHillforesthalfMarathonletsg0!

Why is this a strong password? Creating a passphrase needn’t be such a chore. Take the advice from Mauricio Estrella’s story on ‘How a Password Changed My Life’. He was prompted with the annoying reminder to reset his password but used it as an opportunity to make a life change. He had recently gone through a divorce and his ex left him completely heartbroken. He decided to use “Forgive@h3r” as a password (this is a terrible password so DO NOT USE IT) to move on. Instead, look at my example above which helped me with my half-marathon training. I need to run at least 5 times a week and incorporate hill workouts into the mix. A fun passphrase and reminder known by me, but not to a cyber criminal.

Quick Note: These are just examples of good passwords, so don’t use them for your own passwords as they are now published on a public website!

It’s love, again

While you fall in love with your new system of password management, we’d like to offer a few additional tips as Valentine’s Day is fast approaching. Please don’t ever share your passwords with anyone, not even your significant other. While it may seem harmless, sharing your password with a loved one drastically decreases the security of your account. It’s just not worth the risk. Here’s a particularly creepy story of how one ex took advantage of having access to his ex-lover’s Ring account to monitor his activity and even tell him to walk his dog more.

Don’t let Change Your Password Day be an irritating reminder to update your passwords. Make online security a lifetime love affair. Find out if it’s time to end your love affair with your password with our Valentine-inspired quiz below.

Infographic | Break up with your Password


Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.