9 Practical Password Security Best Practices
Each new account, app, and device you add to your lineup brings yet another new password. Passwords defend against unauthorized access that can jeopardize your privacy and personal information, so following some basic password security best practices can help you keep your assets and identity safe.
What is password security?
Creating strong passwords and protecting them from being lost or stolen are important parts of password security, but they are only part of the story. Password security combines processes, policies, and tools to make our passwords and the authentication process more secure. Important aspects of password security include:
- Following straightforward rules to make passwords stronger
A strong password is one that is at least 12 characters long, uses a combination of uppercase letters, lowercase letters, numbers, and special characters in a random order, and avoids using common phrases or sequential strings (like ABCD and 12345). A strong password also leaves out numbers or phrases that can be linked to your identity, like your name, address, phone number, or anniversary date.
- Preventing unauthorized access and data breaches
Protecting yourself, your information, and your company from data breaches is the most important benefit of password security. The best password practices can counteract hacking tactics used to steal or compromise data, including:
- Phishing: A form of social engineering that uses misleading emails disguised as urgent requests from reputable companies to lure us into clicking on unsafe links. Phishing emails might also ask the recipient to reply with personal information like credit card numbers or passwords.
- Brute-force attacks: A common hacking tactic that uses random combinations of usernames and passwords to attempt account logins until a match is found. Brute-force attacks have become more sophisticated as many hackers make use of computer automation and artificial intelligence to cycle through combinations more quickly.
- Spyware: As a particularly malicious form of malware, spyware installs itself on your computer or device and monitors your online behavior, relaying personal information to an attacker without your knowledge or consent. Spyware can be difficult to detect, allowing information to be intercepted for long periods of time.
Want to make life harder for scammers?
Check out our free username generator and random password generator tools.
Think you have a strong password? Use our password strength tester tool to put it to the test!
What is password hygiene?
The concept of hygiene implies good health, cleanliness, and regular maintenance. In cybersecurity, good password hygiene means strong password creation, safe password storage, and secure password sharing. Essentially, password hygiene requires an ongoing commitment to good password practices and continuous improvement.
9 practical password security best practices
Password management best practices are a combination of proactive tools and habits used to improve password health and useful password security tips on what to avoid. These nine password tips can take your cybersecurity profile and productivity to the next level.
What you shouldn’t do
- Don’t share passwords unsecurely: Retail and subscription accounts like Amazon and Netflix are commonly shared among friends and family, and passwords for workplace applications are often shared among employees. If you share a password with someone who is impacted by cybercrime, you become vulnerable as well if the shared password is compromised and used to access your account(s), so it’s important to share passwords safely. This rules out sticky notes, texts, emails, and within internally shared documents. Even communication platforms like Slack can be unsafe since the unencrypted information is stored for long periods of time and can also be exposed during a breach.
The best password managers include secure password-sharing portals that enable you to share information without increasing your vulnerability. - Don’t store passwords unencrypted: Unprotected password lists and spreadsheets can undermine your privacy and security. Encryption converts your passwords into a format that only authorized parties can read. Password managers like Dashlane use AES-256 encryption, widely accepted as the strongest encryption type available, to protect passwords before they are stored online.
- Don’t use browser-based password managers: Most browsers include built-in password managers that conveniently save and recall your passwords, usernames, and even credit card information. Unfortunately, this convenience can come at the expense of security since passwords saved in browsers aren’t typically protected with encryption. Instead, erase passwords saved on browsers and use a secure, personal password manager to create, store, and encrypt passwords.
- Don’t update passwords regularly: Aren’t frequent password changes a good idea? Not too long ago, password updates at preset time intervals were considered a wise security practice, but recent NIST recommendations point out the downside of these frequent changes. When our passwords are updated too frequently or at forced intervals, we often make only minor changes that hackers are likely to guess, or we simply reuse passwords for convenience.
Even though periodic resets are no longer necessary, passwords should always be updated if they are impacted by a data breach or detected on the dark web. It's also best to change your password if it's shared unsecurely or if you suspect any of your passwords have been otherwise compromised. - Don’t reuse passwords: Reusing login credentials is a common practice that can also become a dangerous one. When you reuse passwords for multiple accounts, you diminish password security by exposing multiple accounts if even one password is lost or stolen. A password manager that provides a password health score helps you eliminate this habit by continually compiling lists of your weak, compromised, and reused passwords.
What you should do
- Make unique and secure passwords: Creating strong passwords means making them as random and unpredictable as possible so they will be less vulnerable to hacking and data breaches. Just a few additional characters can add years to the expected code-breaking time. The best way to strengthen and randomize new passwords is by using a trusted password generator.
- Use encryption: Hiding information in an unrecognizable format is a practice that dates back centuries and is also among the most secure password practices available. Scrambling passwords and other sensitive data through encryption makes them unreadable or unusable to hackers, which can lessen the impact of a data breach.
- Use a password manager: A password manager lets you implement password security best practices quickly and easily. Automated password generation features and secure, encrypted vaults for password sharing and storage protect your information from intruders. The best password managers turn frequent password resets and reliance on unprotected browser password managers into relics of the past.
- Use 2-factor authentication (2FA): 2FA uses a second credential, such as a code sent through an app, to confirm your identity. This makes it much more difficult for a cybercriminal to access your account. Multifactor authentication (MFA) takes this security practice to the next level by adding identifiers, like fingerprints or facial recognition, to the process. 2FA and MFA identifiers fall into three categories: knowledge, biometric, and possession.
How Dashlane protects your passwords
With a host of user-friendly features for password generation, storage, and recall, Dashlane makes good password hygiene easy. Standard features like 2FA, encryption, and Password Health scores raise your security profile while making it more convenient to access the accounts you need at home or at work.
Some password managers have similar features, but they don’t all work the same way. Find out how the top options on the market stack up in Dashlane Versus 1Password, LastPass, Keeper, Bitwarden, Zoho Vault, and RoboForm.
References
- Dashlane, “How Strong Is Your Password & Should You Change It?,” August 2022.
- Dashlane, “Data Breaches and Weak Passwords: A Love Story,” February 2018.
- Dashlane, “The 7 Steps of a Cyberattack—And How to Prevent Them,” July 2021.
- Dashlane, “What the Hack is a Brute Force Attack?,” February 2020.
- Norton, “Spyware: What is spyware + how to protect yourself,” December 2021.
- Dashlane, “Toothbrushes and Digital Hygiene,” June 2021.
- Dashlane, “Sharing Passwords Through Slack Is Risky,” November 2019.
- Dashlane, “Share your saved items in Dashlane,” 2022.
- Dashlane, “What is Encryption?,” March 2019.
- Dashlane, “Can You Trust Your Web Browser With Your Passwords?,” December 2019.
- Dashlane, “How to Erase Saved Browser Passwords: Step-by-Step Guide,” November 2022.
- NetSec News, “Summary of the NIST Password Recommendations for 2021,” November 2022.
- Dashlane, “How to Shine a Light on the Dark Web,” June 2022.
- Dashlane, “How to Stop Reusing Passwords for Good,” January 2020.
- Dashlane, “Random on Purpose | Dashlane Commercial Fall 2020,” August 2020.
- Dashlane, “Resist hacks by using Dashlane's password generator tool,” 2023.
- Thales, “A Brief History of Encryption (and Cryptography),” November 2022.
- Dashlane, “Putting Security First: How Dashlane Protects Your Data,” January 2023.
- Dashlane, “A Deep Dive into Dashlane's Zero-Knowledge Security,” June 2022.
- Dashlane, “How Do I Make My Password Stronger?,” January 2020.
- Dashlane, “A Complete Guide to Multifactor Authentication,” November 2022.
- Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
- Dashlane, “Dashlane Versus 1Password, LastPass, Keeper, Bitwarden, Zoho Vault, and RoboForm,” November 2022.
Sign up to receive news and updates about Dashlane