On this World Password Day (6th May 2021), we wanted to share a blog piece from our partners and sponsors, Avast, written by Christopher Budd:
"World Password day is the perfect day to make sure you’re up to date on good password practices.
First, a reminder that the top best password practices are: use unique passwords, use long passwords, include upper and lower case letters, numbers, and (when possible) extended characters like “#”, “$”, “&”. If you need help generating good passwords, you can always use our strong password generator.
In addition to that, there are three things you can do today to help improve your overall password security:
- Get a password manager (if you don’t already have one)
- Check to see what, if any, passwords have been leaked
- Change the passwords or close those accounts on any sites whose passwords have leaked
Get a Password Manager
One of the most important ways you can protect your passwords is to use a unique one for every site. With all of the different different sites we use these days, it can be nearly impossible to remember a unique password for each one. Also, most people can’t remember a single, long, complex, really good password, let alone tens -- if not hundreds -- of them.
This is where a password manager can help. A password manager can generate long, complex passwords and store them on a site-by-site basis. This makes it possible for you to have long, complex, unique passwords for every site.
Once you have a password manager, make sure you pick a really good master password. That master password is the key that unlocks all of your passwords. That means if it’s stolen, all of your passwords are compromised.
If it helps you have a better master password, it’s okay to write it down to help you remember it. Just remember to take care to keep that written-down password secure. Also, you should make sure that whatever email account is associated with your password manager is secured with two-factor or multifactor authentication. This is the address that your password manager will email if you need to reset your master password. If that account isn’t strongly protected, someone could theoretically take over your email account, hijack your password manager and gain access to all of your passwords.
Check to see what, if any, passwords have been leaked
Unfortunately, the odds are good that you’ve had passwords stolen or leaked from at least one of the data breaches, password thefts, and leaks that have happened over the past few years. I myself can count over 20 that have affected me.
It’s become such a problem that there are now online, searchable databases that will tell you what passwords are known to have been leaked or stolen. One of these is the Avast HackCheck site.
All you have to do is go to the website, enter an email address, and the site will tell you any data breaches or leaks that have compromised your passwords. You should do this for and all of your email addresses.
These sites are the closest thing there is to comprehensive searchable databases for lost and stolen passwords. It’s something you can use for World Password Day and any day you want to know if any passwords have leaked or been stolen.
Change the passwords or close those accounts on any sites whose passwords have leaked
If you find that your password for a site has been lost or stolen, that means that password may be in the hands of attackers and for sale on the internet. Anyone who has your password can log into that site as you, so you need to change those stolen passwords ASAP. And, if you have used the same password on other sites, change the password on those sites, too.
As you go through to each site where your password information has been lost or stolen, you can use your password manager to come up with a new, more secure password for that site.
Another thing to consider: if you find your password has been lost or stolen from a site you don’t use any more, consider just closing that account entirely. It’s a good idea to close accounts you don’t use anyway. And if a site has already lost your password, it’s worth questioning whether you trust that site enough to continue using it. Many people, myself included, will find stolen or leaked passwords for accounts that they forgot they even had. So this can also serve as a prompt to clean up old accounts you don’t need or want.
Finally, if you’re an Avast customer and use Avast Premium Security or BreachGuard, they also have a built-in checker to let you know of passwords that have been lost or stolen, so take this opportunity to use that feature.
Unfortunately, data breaches where passwords are lost or stolen have become a way of life -- and it’s likely to be a problem for the foreseeable future. While taking time to review and change lost passwords takes some time, it’s a very important and good step to take to better protect yourself online. If you make this a regular practice and do it at least once a year on World Password Day, you’ll be much better off and safer online."