Password protection: why it is important and how to make yourself love it

Today, password protection is used in virtually every enterprise, office, and organization, but it doesn't always inspire enthusiasm among users. Recent statistics show that many employees find common security measures annoying and burdensome, and as a result the risk of internal threats increases significantly. Studies conducted last year showed that over 70% of employees neglected basic security requirements. The main problem is not that they wanted to harm the company's management. They simply did not want to use passwords, considering them a waste of time.

In this review, we will take a closer look at what passwords are and why entering them consistently is so important. We will give a number of recommendations for choosing a suitable password, show how to create one using a specialized manager, and discuss measures that protect such data. Finally, we will cover 4 tactics that help make working with passwords as efficient and convenient as possible. We also suggest studying the issue of two-factor authentication. In combination with strong passwords, it will ensure a fairly high level of security for your credentials. The knowledge gained will greatly increase your level of security when working on the Internet.

Why is it so important to use passwords

Today, passwords are one of the most important and widely used ways to protect accounts and personal information. But not all of us treat them with sufficient care. Be honest: do you store your passwords in safe places, change them as often as cybersecurity experts recommend, and choose them carefully? Most likely not. At the same time, you must understand that a password is often the one thing attackers lack in order to gain access to your accounts and personal data.

Unfortunately, the attitude of many office employees, and not only them, toward passwords can rightfully be called negligent. According to recent data, about 50% of all hacker attacks were carried out by gaining access to personal passwords. Phishing emails, at just over 30%, are in 2nd place. Strong password protection is therefore what ensures a high level of personal data security. Different methods can be used to achieve it, but there are also general recommendations.

How to create a strong password?

A strong and secure password provides a fairly high level of protection against unauthorized access. It significantly reduces the likelihood that attackers compromise your data, which could otherwise lead to the loss of confidential information and even financial losses. This is relevant both for companies and for individual users. The more complex your password, the longer it takes to crack. For example, if you use a password of 20 characters with uppercase and lowercase letters, numbers, and symbols, even the most powerful computer will not be able to crack it for at least a couple of sextillion years. Simple passwords, on the other hand, fall to any of a number of well-tested cracking techniques in a matter of minutes.

But still, many users are very wary of creating complex passwords. Some are afraid that they will not remember the selected combination, others do not want to waste time entering these same passwords when connecting to their device. But there are still a number of basic recommendations that should be followed without fail, in particular:

  1. Use a separate password for each individual service or site. That is, you should never use the same set of numbers and letters on different resources.
  2. The password must contain at least 10-12 characters, including both upper and lower case letters, numbers, and symbols.
  3. Never use personal information in a password: for example, it should not be your first or last name, your date of birth, or the names and dates of birth of loved ones. Even the cat's name is not suitable.
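
The three rules above can be checked mechanically across a whole set of stored credentials. The following Python audit is an added example, not part of the original article; the vault contents, the profile fields and the finding names are constructed for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 10  # lower bound of the article's "10-12 characters"

# Constructed sample data: a user's profile and a service -> password map.
PROFILE = {"names": ["Anna", "Keller", "Murka"], "birth_date": (1990, 3, 14)}
VAULT = {
    "mail": "Murka1990!",      # pet name plus birth year
    "hr": "Summer2024",        # no symbol
    "crm": "vT7#qLr2&xWm",     # strong, but reused below
    "wiki": "vT7#qLr2&xWm",
    "vpn": "14.03.90",         # birth date with separators
}


def composition_issues(password):
    """Rule 2: minimum length and all four character classes."""
    issues = ["too_short"] if len(password) < MIN_LENGTH else []
    classes = {"no_upper": r"[A-Z]", "no_lower": r"[a-z]",
               "no_digit": r"\d", "no_symbol": r"[^A-Za-z0-9]"}
    issues += [name for name, pat in classes.items() if not re.search(pat, password)]
    return issues


def personal_tokens(profile):
    """Rule 3: names plus common spellings of the birth date, lowercased."""
    tokens = {n.lower() for n in profile.get("names", []) if len(n) >= 3}
    if profile.get("birth_date"):
        y, m, d = profile["birth_date"]
        tokens |= {f"{y}", f"{d:02d}{m:02d}{y}", f"{d:02d}{m:02d}{y % 100:02d}",
                   f"{m:02d}{d:02d}{y}", f"{y}{m:02d}{d:02d}"}
    return tokens


def audit_vault(vault, profile):
    """Return service -> sorted findings for rules 1-3."""
    findings = defaultdict(set)
    by_password = defaultdict(list)
    tokens = personal_tokens(profile)
    for service, pw in vault.items():
        by_password[pw].append(service)
        findings[service].update(composition_issues(pw))
        lowered = pw.lower()
        # Drop separators so "14.03.90" matches the digit-only date token.
        squashed = re.sub(r"[\W_]", "", lowered)
        if any(t in lowered or t in squashed for t in tokens):
            findings[service].add("personal_info")
    # Rule 1: the same password must not appear on more than one service.
    for services in by_password.values():
        if len(services) > 1:
            for service in services:
                findings[service].add("reused")
    return {s: sorted(f) for s, f in findings.items()}


if __name__ == "__main__":
    for service, found in audit_vault(VAULT, PROFILE).items():
        print(f"{service:5} {', '.join(found) or 'ok'}")
```
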

If you are not sure that you can come up with a suitable password yourself, use the technical solutions that the modern market offers. Now we will focus on one of these products, in particular the password manager.

What is a password manager

A password manager is a specialized application designed to generate unique passwords and store them securely. It can also be used as a repository for important personal data, including PIN codes, identification numbers, insurance numbers of an individual personal account, etc. With this software you no longer need to write down and store all these numbers and access data separately: you enter them all in the manager once. The only thing left for you to remember is a single “master password” that unlocks the manager itself. That's all.

Passwords in such managers are often stored in cloud infrastructure in encrypted form. If you opt for a cloud solution, we recommend performing backups from time to time so that your data remains available whenever you need it. It is also possible to keep a password manager on your own device, be it a PC, laptop, smartphone, or tablet. Each option has its pros and cons:

  1. Cloud password manager. The benefits of this solution include increased convenience, as you can synchronize different devices for easier and more efficient work. There are also separate browser extensions and applications. Most of these managers back up user data on their own and can fill in standard forms with the necessary information. They can also monitor whether your addresses and passwords appear in data leaks and notify you if a match is found. But in any case, it is very important to choose the right cloud provider: it must be responsible and reliable. Otherwise, your entire password database may end up in the wrong hands.
  2. Password manager installed on your own device. In this case, you don't have to worry about the safety of your data. No one except you will be able to access this information. Such a password manager is implemented as a file stored on your computer. Ease of use is somewhat limited, though: if you need it on different devices, be it a computer or a laptop, you have to transfer the file manually from one to another. There is also no third-party functionality. In other words, a password manager in this format is just a securely locked file with your personal data.

Which password manager should you choose?

The modern market offers a fairly wide variety of password managers. You just need to study their functionality and features in order to choose the most convenient and suitable option for yourself. If you don’t want to search and analyze for a long time, you can pay attention to the following solutions:

  • KeePassXC. This is a fairly stable and reliable password manager that does not differ much from its analogues, at least in terms of security level and the algorithms used. It comes with a number of additional options, including cross-platform support. All data is stored on your device, that is, this is not a cloud manager. Browser plugins are available, for example for Firefox or Chrome.
  • Bitwarden. A completely free-to-use, open-source, cloud-based password manager. Its main convenience is that it supports all the browsers most in demand among modern users: Google Chrome, Safari, Mozilla Firefox, Edge. You can also use it in other browsers based on the Chromium engine, including Brave.
  • Pass. This password manager uses PGP for encryption and the separate Git program to store and version data. This combination makes it possible to create cloud password storage, in particular as a public repository on GitHub. The application is also cross-platform. Extensions can be downloaded separately for Firefox and for Chrome.

These are some of the most reliable and time-tested solutions that have earned high recognition among the user audience. Perhaps they will be interesting to you too.

What else you need to know about a password manager

One of the most important recommendations, which, alas, is very often neglected in practice, concerns writing passwords down. A written-down password can easily be picked up by anyone who enters your space, be it an office workspace or a home. Also, you should not give your credentials to third parties, including those you trust: you cannot know how security is organized on their device. If you still need to share a password, use the password manager itself for a more secure transfer. If you use a cloud solution, you can set time limits on sharing: the second participant gets access to your manager for a short period of time, after which access is closed automatically.

In other words, a password manager with its encrypted digital storage is one of the most secure places today for storing credentials, important documentation, and other personal information. To access it, you come up with one master password, which both logs you in and automatically decrypts the data. We will talk further about how to create such a master password and how to remember it. Practice shows that attackers are not particularly eager to go after a password manager: accessing the data requires a lot of time and effort, and the outcome is very doubtful, so the attempt will most likely not pay off.

User experience in password protection

Now let's move on to how to ensure a high level of password protection in an organization. The question is relevant because most office employees neglect it. Research conducted a couple of years ago showed that the average employee may handle over 150 different combinations of logins and passwords. Clearly, no one can remember that many. We have already said above that password managers handle even large amounts of data comfortably, but most people still solve the problem by using one password for all occasions. Such a decision can lead to serious security problems in the company.

Therefore, one of the most important tasks for a company's IT department is to give office employees the most convenient, simple, and fast access to logins and passwords, and to make sure this does not come at the expense of security. The wireless access technologies that many services actively promote today are not an entirely acceptable option for most organizations, as these techniques are still at the development stage. Perhaps before long a solution will be found that provides a high level of secure operation. Until that happens, it is still important to take care of access security yourself while keeping the user experience as comfortable as possible. Below we present a number of ways to teach employees to use passwords and to make doing so as comfortable as possible.

Remembering the master password easily: practical recommendations

As we said above, choosing to use a password manager will greatly simplify the storage and use of credentials and other important information. You no longer have to keep a large amount of information in your head or in notebooks, or waste time searching for it if necessary. But you still have to remember one password, in particular the master password to access the manager itself. We would like to immediately draw your attention to the fact that you will not be able to restore this data if you forget it. This is done to ensure a high level of security.

Of course, you can write down this password somewhere on a piece of paper and hang it near your computer screen or put it in a desk drawer. But we have already said that this way you significantly increase the likelihood of its availability to third parties. Therefore, a more reasonable solution would be to remember it. This will be especially convenient if you need to access the manager from an unusual place.

It is also important to understand that most attackers use rather crude brute-force techniques when trying to guess passwords: they launch a program that systematically tries various combinations of letters, numbers, and words to find the password for a particular account. Quite often they combine this technique with so-called “dictionaries of known passwords”, collections of the most vulnerable credentials. The easiest way to prevent this kind of hacking is to use longer passwords with a fairly high degree of complexity. Here are a number of recommendations for coming up with such credentials and remembering them easily:

  1. Favorite poem or song. Think of a poem or song that you know. One verse will be enough. Take the first and last word of each line. If there are numerals, replace them with digits. No numerals? Then simply replace the letter “ch” with the number 4, or come up with your own associations for substitutions. As a result, you get a combination that is already in your head and does not need to be memorized additionally.
  2. Random set of words. Open a book and write down words from one page that you can connect in meaning. You should end up with a phrase of 10-12 words in your mind. Take one letter from the beginning and end of each word and you get a ready-made password. Then you can play around, as in the previous option, replacing certain letters with numbers and mixing lowercase and uppercase letters. The main thing is that the phrase you compose sticks securely in your head. You will remember it, but outsiders are unlikely to be able to guess it.
  3. Key phrases for strong passwords. Come up with 3-4 words and connect them together, for example Table-Dog-Sausage-Slippers. This key phrase is quite easy to remember: a dog stole a sausage from the table, for which he received a slipper. The phrase seems simple at first, but it contains 26 characters, with both uppercase and lowercase letters and symbols. This is quite enough for brute-force tools to spend a lot of time guessing the password. The only nuance: do not use phrases that are directly related to the company's activities or to you as a user. There is no heavy mental load here, including when remembering the password, yet in the end we get a rather long phrase of high complexity.
  4. Provide feedback to employees. As soon as you ask users to come up with a complex password, most of them simply freeze. Not a single more or less appropriate phrase comes to mind, and the long thought process that follows, alas, does not give the desired effect. A person really gets lost when trying to find a password that is convenient but at the same time safe and reliable. Therefore, do not leave your employees alone with this problem. For example, you can prepare a special memo for them that outlines all the recommendations and gives examples. It is also important to stay constantly in touch with your employees. Let them tell you what passwords they came up with. This way, you can immediately check them for compliance with security requirements and make timely adjustments if the need arises. Such communication must be conducted in real time. This will greatly simplify the work of both yourself and your employees. They will know that they did everything correctly.
  5. Set the password expiration date based on its length. Not everyone likes having to change passwords very often at work. This is understandable, since creating a password always takes some time and effort, and if you ask for new credentials very often, employees will clearly not be delighted. To get complex passwords without causing negative reactions, make the frequency of password changes depend on password length. If employees come up with a long and complex phrase of, say, 25 characters, they will next have to change it in, let's say, six months. If the number of characters is in the range of 10-12, passwords are changed every 3 months. If the password is shorter than 10 characters, it has to be changed once a month. This gives your employees a choice rather than forcing them to come up with a complex phrase. Given their dislike of changing passwords, you can be sure they will find the strength and ability to come up with a truly complex set of letters and symbols. Having to change it no more often than every six months will be a kind of reward for them. This way you get the optimal balance between security and employee satisfaction.
  6. Keep an eye out for hacked passwords. All the solutions described above are aimed at making it easy for your employees, and in their own interest, to come up with strong and complex passwords. They also help make clear why such credentials are needed in practice, so that the requirement is no longer ignored. But it is impossible to completely exclude the possibility that even seemingly strong passwords get hacked. Therefore, you must constantly monitor whether any of the user credentials entrusted to you have been compromised. This can only be achieved by periodically checking passwords against databases of hacked credentials. For greater reliability, choose applications that work in real time: ones that continuously scan the passwords entrusted to you for leaks and either notify you or automatically reset such passwords. This way, you won't give attackers even a second to take advantage of the access they have gained. Quite a lot of such automatic services exist today. You just need to navigate the available options and choose the one that suits you best.
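
Items 5 and 6 combined, as an added example that is not part of the original article: a leak check that hands only the first five characters of the password's SHA-1 hash to the lookup service and compares the rest locally, plus the length-based rotation interval. The prefix-in, SUFFIX:COUNT-out exchange follows the range-query format of the public Pwned Passwords service, which is an assumption since the article names no service; the leak corpus and the in-process offline_range_service are constructed stand-ins so the code runs offline.

```python
import hashlib

# Constructed stand-in for a leaked-credential database (not real leak data).
CONSTRUCTED_LEAK = {"password": 9001, "qwerty123": 4120, "Summer2023!": 37}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def offline_range_service(prefix):
    """Plays the remote side: returns 'SUFFIX:COUNT' lines for every leaked
    hash that begins with the 5-character prefix it was given."""
    lines = []
    for leaked, count in CONSTRUCTED_LEAK.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password, fetch_range=offline_range_service):
    """k-anonymity lookup: neither the password nor its full hash leaves this
    process; only a 5-character hash prefix is passed to fetch_range."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count) if count.isdigit() else 1
    return 0


def rotation_days(password):
    """Item 5 tiers in days (six months ~ 180, 3 months ~ 90, one month ~ 30).
    Assumption: lengths 13-24, which the article does not cover, are treated
    like the 10-12 tier."""
    length = len(password)
    if length >= 25:
        return 180
    if length >= 10:
        return 90
    return 30


def audit(password, fetch_range=offline_range_service):
    """A leaked password is due for reset immediately, whatever its length."""
    seen = breach_count(password, fetch_range)
    return {
        "breached": seen > 0,
        "seen": seen,
        "rotate_in_days": 0 if seen else rotation_days(password),
    }


if __name__ == "__main__":
    for candidate in ("qwerty123", "Xk9#mQ2pL", "Table-Dog-Sausage-Slippers"):
        print(candidate, audit(candidate))
```
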

To summarize

As you can see, the process of selecting a strong password is not as simple as it might seem at first glance. Many nuances have to be taken into account, and you have to constantly make sure that these passwords have not been hacked. But, in any case, working with credentials should not be overly exhausting and annoying for employees. Use the recommendations we talked about above to make the process of selecting credentials as simple as possible and, one might even say, entertaining. Also, do not forget to use programs that automatically monitor for compromised passwords and prevent data leaks.

It is also important not to forget another way of providing reliable protection against unauthorized access, including hacker attacks: mobile proxies. These are special intermediary servers that replace the parameters of the user's device with their own technical data, which reliably conceals your real IP address. Without access to it, attackers will not be able to get into your computer and intercept any passwords.

But in this case it is necessary to use exclusively reliable intermediary servers, for example from the MobileProxy.Space service. In this case you get:

  • access to a pool of almost 2.5 million IP addresses, which you can change by timer or forcibly via a link from your personal account whenever the need arises;
  • personal dedicated channel with unlimited traffic: no one except you will use it in practice;
  • simultaneous operation on the HTTP(S) and Socks5 protocols, which is implemented by connecting to parallel ports;
  • access to a huge number of geolocations from more than 30 countries, which will effectively bypass any regional restrictions;
  • high level of confidentiality and security on the Internet, including protection against hacker attacks;
  • the ability to use various services that automate actions on the network, including programs that will monitor the security of passwords without any risks or restrictions from the system.

For more details on all these features, please follow the link https://mobileproxy.space/en/user.html?buyproxy . You can also take advantage of a free 2-hour trial before purchasing mobile proxies to make sure that this is exactly the solution you need to ensure your own security and broad functionality when working on the network. If you have any additional questions, please contact the MobileProxy.Space technical support service, which operates 24/7. You can also look at the FAQ to find answers to the most common questions related to mobile proxies.

