Creating Secure Credentials for Today’s Cyber-Threat Ecosystem


We miss the days when we could use our name as a username and our pet’s name as the password. It was a time when we did not have to worry about someone getting into our accounts to do something malicious. Those were the simple days, but unfortunately bad people figured out the worth of our data and our credentials. The internet has matured and so should our security habits. We can no longer use our simple credentials and hope for the best. In today’s cyber-threat economy, we have to put on our security hat and configure our account security appropriately to make sure that we’re not left vulnerable. Having secure credentials is the first and most important step in securing your accounts. To create secure credentials, please follow the instructions below:

Step 1: Creating a secure username: This is more important in some instances than others. Let’s begin with your email. Your email will always be your username, which is fine. But for something like your Online Banking, you don’t want to go with something as simple as a combination of your first and last name. The information that is listed within your Online Banking is too valuable and you wouldn’t want someone to have access to your money. For example, if your name is Taras Shevchenko, stay away from usernames like ‘tshevchenko’, ‘tarass’, ‘tarasshevchenko’, etc.

Step 2: Creating a secure password: Having a secure password is even more important than having a secure username. To create a secure password, try following these rules:

  • At least 10 characters, but more won’t hurt.
  • If the system allows, use at least 1 upper case letter, 1 lower case letter, 1 number, and at least 1 special character.

Don’t use easily identifiable personal information about yourself in the password. For example, if your Facebook description says you love Pizza, don’t make your password ‘Pizza123!’
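The rules from Steps 1 and 2, written as a checker (an added example, not part of the original article). The function names are hypothetical, the sample values are the article's own, and the look-alike substitution table is an assumption that goes slightly beyond the text so that ‘P1zz@’ is treated the same as ‘Pizza’:

```python
import re

# Assumed table of look-alike characters, undone before searching for words.
LEET = str.maketrans("013457@$!", "oieastasi")

def _norm(text):
    """Lowercase, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def username_problems(username, first, last):
    """Step 1: list name-derived strings found in the username.
    Assumes first and last are non-empty."""
    u, f, l = _norm(username), _norm(first), _norm(last)
    derived = {f + l, l + f, f[0] + l, f + l[0], f, l}
    return sorted(d for d in derived if len(d) >= 3 and d in u)

def password_problems(password, personal_words=()):
    """Step 2: list the article's rules that the password breaks."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    classes = {
        "upper case letter": r"[A-Z]",
        "lower case letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    flat = _norm(password)
    for word in personal_words:
        w = _norm(word)
        # Very short words would match by accident, so skip them.
        if len(w) >= 3 and w in flat:
            problems.append("contains personal word: " + word)
    return problems

if __name__ == "__main__":
    # Sample inputs taken from the article; the last password is constructed.
    for name in ("tshevchenko", "tarass", "blue-kettle-4821"):
        print(name, username_problems(name, "Taras", "Shevchenko"))
    for pw in ("Pizza123!", "P1zz@Lover2024!", "vK8#qT2m!Lw9zR"):
        print(pw, password_problems(pw, ["Pizza"]))
```

An empty list means none of the article's rules were broken; it does not by itself show that the password is unique or unguessable.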

Step 3: Setting security questions: It is surprising that these still exist, since the whole world knows how vulnerable they are. Where you went to elementary school or your first pet’s name should not be a valid method of identifying you. More likely than not, you have shared that information on your Facebook account in some way. But since there are still plenty of systems out there that require security questions, we can actually use them to our advantage to secure our credentials even more. Instead of actually answering the security questions, common security practice is to create random answers or ‘secondary passwords’. Just make sure you safely record and store these answers and don’t lose access to them.

Step 4: Two Factor Authentication (2FA): Also known as Multi Factor Authentication (MFA) or One Time Password (OTP). This has become very popular in the last few years as more and more credentials have been compromised. 2FA verifies that you are who you say you are by sending a one-time code to your cell phone via text message. You will receive a six-digit numerical code, which you enter after entering your username and password. Another option for 2FA is an authentication app. Some popular options are:

  • Authy
  • Google Authenticator
  • LastPass Authenticator

Having 2FA is almost crucial nowadays, so as annoying as you may think it is, always enable it! You will be very happy that you did when you get a confirmation code while you are not trying to sign in, because someone else has compromised your credentials.

Step 5: Storing Your Secure Credentials: Your credentials are only as secure as the way you store them! Sticky notes on your monitor – no way! A password-protected password management tool with multi-step authentication and military-grade encryption – yes please! Here are some great password manager applications:

  • LastPass
  • Keeper
  • 1Password
  • Dashlane

Step 6: Bonus Security Measures: At this point, you’re pretty secure! But there is always room for improvements, right? Some additional action steps you can take to make your credentials even more secure are:

  • Turn on account notifications – get notified every time there is a login on your account. This way, you know when and who is signing in under your credentials and you can stop it quickly if it is someone malicious.
  • Have a recovery method? Make sure it is just as secure as the credentials that you are trying to secure. You wouldn’t have an alarm system on your front door and keep your backdoor unlocked in your house, would you?
  • Don’t recycle your credentials – if one of your accounts is compromised and you use the same credentials everywhere, all your accounts are likely to be compromised.
  • Be vigilant of social engineering – you can have every security measure in the world in place, but if you just give away your credentials because you were tricked, nothing can save you.