We all understand the importance of good personal hygiene, but have you ever considered the importance of good “password hygiene”?
As we’ve previously discussed, passwords play an integral role in the security of your startup. The passwords your team members use for their work accounts may not seem like something you should be sticking your nose in, but by allowing someone to use a weak password, you’re only jeopardizing your startup’s security.
That’s where password hygiene comes in.
What is password hygiene?
Password hygiene has nothing to do with tidiness or cleanliness. Instead, it refers to a set of recommended requirements designed to ensure that your passwords are always strong and secure. Just like you’d wash your hands before you eat or brush your teeth before going to bed, think of this as a checklist of good habits to keep in mind every time you create a new password.
Here are some of the key points of password hygiene:
1. Make your passwords long
One of the most common methods employed by hackers to gain access to accounts is what is known as a [“brute force attack”](https://en.wikipedia.org/wiki/Brute-force_attack). Here, a computer will attempt to log into your account, inputting every possible combination of characters as your password, in hopes of eventually getting it right and gaining access.
With this in mind, consider how easy this process might be if your password were just 4 characters long. The longer your passwords, the longer it would take to crack them. Don’t believe me? See for yourself.
2. Include numbers, symbols, uppercase, and lowercase letters
In one particular form of brute force attack called a [“dictionary attack”](https://en.wikipedia.org/wiki/Dictionary_attack), a computer is fed a huge database of common words (hence the name), which it then systematically attempts to enter as your password.
The only reason this type of attack exists, and sometimes works, is that a lot of people actually use basic common words as their passwords; words like “sunshine”, “monkey”, and even “password”. To thwart this kind of attack, you’ll need to add some variety to your passwords and incorporate uppercase and lowercase letters, numbers, and even symbols like @ or #.
3. Do not reuse passwords
Setting the same password for multiple accounts sounds like a great idea on paper. Why give yourself a headache memorizing dozens of complicated passwords, when you can just remember one? But in practice, you’re only setting yourself up for major catastrophe.
The problem with having one single magic key that can unlock any of your doors is that if you ever lose that key, whoever has it now has access to literally all your doors, and you’re pretty much locked out. Try your best to give each of your accounts its own unique password.
4. Change your passwords regularly
If you ever get hacked, it probably won’t take you very long to realize it, whether it’s because you suddenly can’t access your account anymore, or because your bank just sent you an outrageous credit card bill. But there are some cases where someone who’s figured out your password may not immediately set off an alarm, and may continue to access your account and violate your privacy without your knowledge.
This is why it’s important to always stay one step ahead and regularly update your passwords. That way, anyone who might have unauthorized access to your account will find themselves unceremoniously kicked out.
5. Use Two-Factor Authentication
Another highly effective security measure you can take to better protect your accounts is enabling two-factor authentication. Two-factor authentication, or 2FA, is an extra layer of protection added to your account. With 2FA enabled, instead of just typing in your username and password to log in, you’d also be asked to enter a unique 6-digit code.
What makes this code special is that you receive it directly through your phone, and it changes every 30 seconds, which means that it’s always a secret that only you know. This effectively guarantees that whoever successfully inputs both your username and password, and this code, is definitely you.
But let’s face it: whether you’re trying to follow these guidelines yourself, or get your entire team onboard, maintaining good password hygiene can be a bit difficult and tedious. That is, unless you use the right tool.
Use a password manager
When you use a password manager, tackling each of these password hygiene items becomes a piece of cake.
With the built-in password generator, you’ll be able to create impossibly long passwords that feature a random selection of characters. And when it’s this easy to generate such strong passwords, you’ll never have to worry about reusing passwords or dread the thought of changing them regularly.
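To make items 1 and 2 concrete alongside the generator described here, the following added example (not code from the article or from any password manager) generates a password from a cryptographically secure random source, guarantees every character class is present, and estimates the search space a brute-force attacker faces; the guess rate used in the demo is an assumed, illustrative figure.

```python
import math
import secrets
import string

# The character classes the article asks for: lowercase, uppercase, digits and symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*()-_=+[]{};:,.?/"]
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Draw every character from the OS CSPRNG (never `random`) and retry until each
    class is represented, so the result can't collapse into a letters-only string."""
    if length < len(CLASSES):
        raise ValueError("length must allow at least one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(length: int, guesses_per_second: float,
                           alphabet_size: int = len(ALPHABET)) -> float:
    """Average brute-force effort: half the keyspace divided by the attacker's guess rate."""
    return (alphabet_size ** length / 2) / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate against a fast hash; illustrative only
    for n in (4, 8, 12, 20):
        years = expected_crack_seconds(n, rate) / (365 * 86400)
        print(f"{n:>2} chars: {search_space_bits(n):5.1f} bits, ~{years:.3g} years at {rate:.0e} guesses/s")
    print("generated:", generate_password(20))
```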
Some password managers even include 2FA features, allowing you to receive your 2FA tokens (those 6-digit codes mentioned earlier) through them directly, instead of getting them delivered via SMS, which has its risks.
By adopting a password manager for your startup, you’ll never have to worry about your data falling into the wrong hands, and you’ll never have to worry about your team getting frustrated and wasting time trying to come up with new passwords every month.
The only thing you’ll have to worry about is picking the right one.
The above article was written by Myki and originally published on the Seedstars World blog.