Understanding Password Security and Multi-Factor Authentication (MFA)

How many passwords do you think you have? Whatever your guess is, the actual number is likely much higher. This is because you have passwords for a variety of personal and professional platforms, apps, and websites. You might be forgetting about passwords that you set up on websites you no longer visit. There’s a good chance that those old passwords aren’t long, random, and unique. Even the passwords you’ve set up most recently might not be as secure as you believe.

This is important because cybersecurity breaches can occur when your passwords are easy to guess or have been used before. This article outlines tools and best practices for creating and managing your passwords, remembering them when needed, and further enhancing account security with multi-factor authentication (MFA).

Apply these three tips when creating passwords

Consider keeping the following recommendations in mind as a standard for secure passwords:

  • Prioritize length over complexity: Longer passwords are harder for computers to guess and take much longer to crack. A string of random words (e.g., I miss my lemon muffins) is much easier to remember and type than a complex password (e.g., 1 m!s$ mY 13m0n mUFf!n$!). We recommend aiming for at least 14 characters or 4-6 words to form a passphrase.
  • Create unique passwords: Each account should have a unique password. This reduces the risk of one breached password compromising multiple accounts.
  • Keep your passwords safe: Do not share your passwords with anyone and consider updating your passwords as needed. Avoid storing your passwords in documents or notes on your computer, as well as on sticky notes on your laptop, monitor, or desk.
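
To put numbers on the "length over complexity" tip above, here is an added example (not part of the original article) that compares the guessing entropy of short complex passwords with longer simple ones and generates a random passphrase. The function names and the tiny `SAMPLE_WORDS` list are constructed for illustration, and the 7,776-word figure assumes the EFF diceware list.

```python
import math
import secrets
import string

# Constructed sample list so the example runs offline. It is far too small for real
# use: a real generator needs a large list such as the 7,776-word EFF diceware list.
SAMPLE_WORDS = ("lemon muffin harbor violet candle tractor pillow meadow "
                "anchor biscuit copper drizzle ember falcon garnet hammock").split()

def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy in bits of `picks` independent, uniformly random draws from a pool."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need a pool of at least 2 items and at least 1 pick")
    return picks * math.log2(pool_size)

def generate_passphrase(words, count: int = 5, sep: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG; the article suggests 4-6 words."""
    if count < 4:
        raise ValueError("use at least 4 words")
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    return sep.join(secrets.choice(words) for _ in range(count))

def compare_strategies() -> dict:
    """Entropy per strategy, assuming every character or word is chosen at random."""
    printable = len(string.ascii_letters + string.digits + string.punctuation)  # 94
    return {
        "8 chars, full keyboard set": entropy_bits(printable, 8),
        "14 chars, lowercase only": entropy_bits(26, 14),
        "4 words, 7776-word list": entropy_bits(7776, 4),
        "6 words, 7776-word list": entropy_bits(7776, 6),
    }

if __name__ == "__main__":
    for label, bits in compare_strategies().items():
        print(f"{label:28s} {bits:5.1f} bits")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

These figures hold only when the words or characters are picked at random. A phrase a person makes up is more predictable than the calculation suggests.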

Consider using a password manager

The reality is that you probably have a lot of passwords, and it’s an impossible task to remember them all. That’s where a password manager comes in handy. A password manager is software that can create secure passwords for you and securely store them. There are many password manager options, each with slightly different features and price points.

Here are a few features and benefits of password managers:

  • Password managers can generate and store complex and lengthy passwords for you.
  • Most password managers require a master password to access your passwords, which adds an extra layer of security.
  • Some password managers have mobile apps for you to access from your phone.
  • Some password managers can also act as an MFA tool (more on this below) by storing your one-time passcodes for multi-factor access.

Know the benefits of MFA

MFA is a security method that requires two or more types of authentication to verify the identity of a user and grant access to a system or service. Enabling MFA, when possible, can make it harder for cybercriminals to remotely access your accounts.

Successfully entering your username and password is one of four main types of authentication:

  • Knowledge: Something you know. For example, security questions, username, and password.
  • Possession: Something you have. For example, a work badge, cellphone (text and push notification), hardware token, etc.
  • Inherence: Something you are; personally identifiable. For example, biometrics such as fingerprints and iris scans, or voice recognition.
  • Location: Somewhere you are; your physical location. For example, U.S.-based consumers can only stream North American streaming content.

Securing your account with more than one type of authentication effectively sets up MFA on your account. This added layer of security can reduce your account’s exposure if your credentials are compromised.

When evaluating your MFA options, consider opting for hardware tokens or authenticator apps when possible. Cybersecurity experts generally agree on the following list of MFA options ordered from most to least preferred:

  1. Hardware token – USB token devices or one-time passcode generator.
  2. Authenticator app – Mobile app for push notifications or time-based one-time passcode.
  3. Email – Code delivered via email. Vulnerable to phishing and dependent on how well the email account itself is protected.
  4. SMS – Code delivered via text message. Vulnerable to SIM swapping and SMS phishing.

A primary element of digital security is understanding the benefit of unique, lengthy passwords and using MFA wherever you can. A password manager can be a helpful tool when you need to manage multiple passwords. And when you create a new account on a platform or website, taking the time to set up MFA can go a long way in helping you protect your account.

Posted:

10/01/2024