Recently, over half a million login credentials belonging to users of a popular VPN service were collected by hackers. Nothing but the attacker's moniker, "Orange", is known; the hacker released all of this information on a dark web forum soon after harvesting the credentials.
Although this is just the most recent big leak, it's by no means the first or the last. According to the company, the accounts are believed to have been compromised through a previously disclosed vulnerability in the VPN product.
This incident is just one of many that should prompt security-conscious people to switch to more advanced password security tools. On this page, we’ll share with you the best tips for password security and discuss the importance of strong password security practices.
Why is Password Security Important?
If someone gets hold of your password and logs in to your financial accounts, they can do you serious damage. And if attackers steal the credentials you use for work, the damage extends to your entire company, which may end up leaking valuable information.
Even if you work at a large company or a well-defended federal organisation, a weak password undermines everything else: it doesn't matter how strong the organisation's security measures are if your login credentials are easy to guess or already exposed. The harsh truth is that anyone who ignores the recommended password practices can be hacked. It's not a matter of if, but when.
Regardless of the type of data breach you suffer, they all have some things in common. Every data breach is embarrassing, and most are costly as well. In 2024 alone, hacker attacks and password-related breaches are expected to cost businesses over two trillion dollars.
And when you consider that the overwhelming majority of these breaches stem from human error, the importance of good password habits becomes even clearer. Nobody else will do this for you, so make sure you have the best password security practices in place to keep your valuable information safe. This brings us to the next key topic.
Tips for Password Security
If you’ve ever Googled “how to secure my password”, you probably know how many useless articles there are online that don’t offer any valuable advice on how to secure your password. Without beating around the bush, we’ve summed up the best tips to add extra security to your accounts. Here’s how to secure your password in the most effective ways:
Password Security: Level 1
Do you really know how secure your password is? However secure you think it is, you can always protect it better, and the first and easiest way to do so is to enable two-factor authentication (2FA). In simple terms, 2FA adds a second verification step, and thus an extra layer of protection, on top of your password.
Every time you sign in from a new device, you have to prove your identity with a second factor besides your password. An attacker who has stolen only your password cannot get in without that second factor, which is why you should enable 2FA or multi-factor authentication (MFA) wherever it is offered.
The most common form of 2FA is a temporary passcode delivered to your phone by SMS or generated by an app. SMS codes are the weakest option: they can be stolen through SIM swapping, intercepted in transit, or simply phished by a fake login page that asks for the code and forwards it to the real site in real time.
A better way to employ 2FA is a dedicated authenticator app that generates time-based one-time passwords (TOTP) from a secret stored only on your device, so there is no message to intercept. Google Authenticator is the best-known app of this kind; it is fast, works offline, and is supported by most major services. Bear in mind that a real-time phishing page can still relay a TOTP code during its short validity window, which is the gap the passwordless methods in Level 3 close.
Lastly, keep in mind that this extra step has a downside: if you are not careful, your own 2FA can lock you out, especially if you change your phone number or lose your device. Save the backup codes a service gives you when you enrol (in your password manager, or on paper in a safe place), and enrol a second authenticator or hardware key where the service allows it. Managing accounts this way takes some organisation, but with good habits it is entirely possible to keep all of your accounts protected with 2FA.
Password Security: Level 2
If you want to go a bit further than Level 1 and adopt stronger password rules, make sure all of your passwords follow the NIST password guidelines (SP 800-63B). NIST favours length and unpredictability over forced character-class rules, and recommends screening passwords against lists of breached and commonly used passwords. In short, a strong password should:
- Be at least 16 characters long (well above NIST's minimum; every extra character multiplies the guessing effort).
- Be unpredictable: a randomly generated string or a long passphrase rather than a dictionary word. Mixing letters, numbers, and symbols helps only when the result is not a predictable pattern such as "Password1!".
- Not include any personal information that someone can find out easily (address, names of children, spouse, or pets).
- Not contain sequential or repeated runs of numbers or letters ("1234", "abcd", "aaaa").
- Be unique to each account, so that one breached site does not expose the others.
Additionally, you must not share your passwords with anyone, write them down, or keep them in an unencrypted file on your devices. The more people who know your credentials, the higher the chance that they fall into the wrong hands.
More worryingly, recent research shows that close to half of all Americans use weak passwords of eight characters or fewer. These are nowhere near as secure as passwords twice as long or longer.
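As a practical check for the rules above, here is an added example (not code from this article) that tests a candidate password against them: minimum length, no personal details, no sequential or repeated runs, and a breached-password blocklist in place of character-class rules, since NIST SP 800-63B advises against composition rules. The "Alice" profile and the blocklist entries are constructed for the demo.

```javascript
// Added example, not code from the original article: a checker for the password rules listed above.
// Character-class counting is deliberately left out, because NIST SP 800-63B advises against
// composition rules and instead recommends screening against breached/common passwords, which
// is what the blocklist here models. The profile and blocklist entries are constructed for the demo.

// Flags ascending or descending runs such as "1234", "abcd" or "4321" (runLength characters long).
function hasSequentialRun(pw, runLength = 4) {
  const s = pw.toLowerCase();
  for (let i = 0; i + runLength <= s.length; i++) {
    let asc = true, desc = true;
    for (let j = 1; j < runLength; j++) {
      const d = s.charCodeAt(i + j) - s.charCodeAt(i + j - 1);
      if (d !== 1) asc = false;
      if (d !== -1) desc = false;
    }
    if (asc || desc) return true;
  }
  return false;
}

// Flags the same character repeated runLength times in a row ("aaaa", "1111").
function hasRepeatedRun(pw, runLength = 4) {
  return new RegExp(`(.)\\1{${runLength - 1}}`).test(pw);
}

function checkPassword(pw, { personalInfo = [], breachedList = new Set(), minLength = 16 } = {}) {
  const problems = [];
  const lower = pw.toLowerCase();
  if (pw.length < minLength) problems.push(`shorter than ${minLength} characters`);
  if (breachedList.has(lower)) problems.push('appears in a breached-password list');
  for (const term of personalInfo) {
    // short tokens (e.g. initials) would match almost anything, so only check terms of 3+ characters
    if (term.length >= 3 && lower.includes(term.toLowerCase())) {
      problems.push(`contains personal detail "${term}"`);
    }
  }
  if (hasSequentialRun(pw)) problems.push('contains a sequential run such as "1234" or "abcd"');
  if (hasRepeatedRun(pw)) problems.push('contains a repeated run such as "aaaa"');
  return { ok: problems.length === 0, problems };
}

// Constructed demo data: what an attacker could learn about "Alice" from social media, plus a
// stand-in for a breached-password list (real ones hold hundreds of millions of lowercase entries).
const ALICE_PROFILE = ['Alice', 'Rex', 'Maple Street', '1987'];
const BREACHED = new Set(['password1234!!!!', 'letmeinletmeinletmein']);
const opts = { personalInfo: ALICE_PROFILE, breachedList: BREACHED };

console.log(checkPassword('Rex2019!', opts));
// -> { ok: false, problems: [ 'shorter than 16 characters', 'contains personal detail "Rex"' ] }
console.log(checkPassword('LetMeInLetMeInLetMeIn', opts));        // long enough, but on the breached list
console.log(checkPassword('correct-horse-battery-staple-7', opts)); // { ok: true, problems: [] }
```

Note the second case: a 21-character password still fails, because length alone does not help when the string is already in attackers' wordlists. That is why the blocklist check matters more than any symbol-count rule.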
But, if you’re using such strong and complex passwords that you shouldn’t write down anywhere, how can you remember all of the different login credentials for all platforms and services you use? Luckily, there is a simple solution to all of this, and that’s to use a password manager.
These nifty tools enable you to generate and store all of your passwords in one location. Instead of remembering all passwords and login credentials, you only need to remember one master password when using the password manager. There are many types of password managers, but we can categorize them into three main groups: browser-based, cloud-based, and desktop-based password managers.
Of course, this raises a reasonable question: how secure are password managers? There are risks you should know about. By design, all of your credentials sit in one place, so the vault is a single point of failure. And because the vendor never sees your master password (that is the point of the zero-knowledge design), it usually cannot reset it for you: forget the master password and you may lose the vault.
With all of this in mind, a robust password manager is extremely difficult to compromise. Reputable managers encrypt the vault with AES-256 under a key derived from your master password by a deliberately slow key-derivation function, and follow a zero-knowledge design in which that key never leaves your device. The most crucial task is therefore yours: as long as your master password is strong, an attacker who steals the encrypted vault is left guessing it offline, one expensive attempt at a time.
Password Security: Level 3
In case Level 2 doesn’t provide you with enough security in your opinion, there are even more advanced security practices you can set in place. Most prominently, this includes going completely passwordless for all of your accounts and services.
Over the past few years, a new wave of authentication has swept the industry on the back of the FIDO Alliance. FIDO authentication is built on public-key cryptography rather than on shared secrets. Biometrics such as fingerprint and iris scanners, voice and facial recognition play a role, but only locally: they unlock the authenticator on your device and never leave it. FIDO also covers established form factors such as USB security tokens, smart cards, and NFC.
FIDO2 is the latest passwordless standard, and it uses public-key cryptography to make authentication both safe and convenient. When you register with a site, your authenticator creates a new key pair for that site, keeps the private key on the device, and sends the site only the public key. At sign-in the site sends a random challenge, the authenticator signs it, and the site verifies the signature with the stored public key. Because each key pair is bound to the site's domain, a look-alike phishing site cannot obtain a signature the real site will accept. To use FIDO2, you first need to register your authenticator at each site that supports it.
FIDO2 is well represented among major services and is supported by Google, Microsoft, Facebook, Twitter, AWS, and others. You can pick from dozens of FIDO2-compatible security keys, many of which work with the four major operating systems (Android, Windows, iOS, and macOS). This lets you use biometric authentication conveniently on every device that supports it.
The main drawback of this type of password security is that it’s still in its early years, meaning that it hasn’t spread to all services and platforms. Apart from the major tech players in the industry, not many small platforms and sites have implemented the FIDO2 standard yet. So, for now, you can’t completely commit to Level 3 and entirely disregard the use of password-based authentication.
Manage Passwords Without Any Hassle
If you want the most secure setup for managing your passwords but don't appreciate the hassle that the security levels discussed above involve, we have a straightforward and effective solution for you. The Hideez Key 4 bridges the gap between password-based and passwordless authentication.
With this security key, the passwords for all of your accounts are stored on a separate encrypted device, itself protected by a master password. The Hideez Key connects to your computer via Bluetooth, auto-fills your passwords with a click, and generates strong NIST-compliant passwords or one-time passwords. It also offers proximity authentication, so your PC locks automatically when you walk away and unlocks when you approach.
Additionally, it works as a FIDO security key. This means that you automatically have passwordless access to FIDO-supported websites and apps, as the key itself replaces the passwords.
Best of all, the Hideez Key 4 has both FIDO U2F and FIDO2 certification. You can use it for your personal security needs or within your business environment to protect shared workstations and accounts. If you want to learn more, you can try out the Hideez Authentication Service completely for free or schedule a demo with one of our security experts.