It’s hard to believe that usernames and passwords are over sixty years old. They seemed like a good idea at first. But as more and more things have gone digital, we’ve become overwhelmed with the sheer number of usernames and passwords we have to manage. At ForgeRock our mission is to create identity experiences for people at work, at home, or on the go, that are both simple and secure. No more usernames or passwords, no more secret questions, and no more awkward registration processes. This is a world where you never have to log in again.
We’re working to bring this vision to life. Until we’ve all gone passwordless, here are some great tips on managing those pesky passwords.
Don't reuse passwords
Hackers don't just “guess” passwords. More often, they steal usernames and passwords and then try to use the same credentials at many other websites. If your Amazon password is stolen, and you used the same password with your bank, cybercriminals have access to two accounts for the price of one.
Check for compromised passwords
You can find out if your credentials have been compromised, on websites like https://haveibeenpwned.com. If a password has been stolen, change it immediately, and be sure to create a unique password for each site you use.
Change passwords regularly
Change your passwords every three to four months, whether they have been compromised or not. Hackers often bide their time between stealing passwords and using them. If you keep your passwords “fresh,” it's less likely that they will still be valid when cybercriminals try to use them.
Create a personal passphrase pattern
What’s a passphrase? It’s a combination of words to create a longer and more secure password. Create a passphrase with a pattern that is easy (for you) to remember but almost impossible (for a stranger) to guess.
For example, take letters or numbers from a site's name or URL and pepper your passphrase with them. Append the first and last letter of the site's domain name to the passphrase. If your passphrase is 2SillyFrogs!, your password on ForgeRock.com is FK2SillyFrogs!
If you sign up for a new account on LatestThing.com, you have an instant, strong, unique password: LG2SillyFrogs!
Avoid sharing personal information
Bad actors like to pick up personal information about you so they can answer account reset questions or trick friends and colleagues into giving up more information about you. Now’s the time to reconsider that bumper sticker with the names of your children (or pets) and that quiz on Facebook asking about your first car. Be judicious about sharing personal data in both the digital and the physical realms. And be a good digital citizen: be conscious of how you share other people’s personal data too. Practice situational awareness, a key part of cybersecurity awareness.
The best password security advice is to get rid of them all together. But with the tips in this blog and a general awareness of good password management practices, you can elevate your security posture on the internet. Stay safe out there.
Learn more about going passwordless by attending an exclusive ForgeRock webinar, featuring Forrester: Eliminate Passwords, Eliminate Risks: Tips, Technology, and Best Practices.