All about passwords
You use passwords to access your data and systems. For example, on your business computer, tablet, or smartphone, but also for your email account, social media, and cloud applications. Of course, you want to keep hackers out. So, make sure you come up with strong passwords and store or remember them in a safe way.
Use strong and unique passwords
Make sure your password is ‘strong’ and unique. A strong password is impossible to guess and difficult to crack by a computer. A strong password that becomes known immediately loses its power. So, make sure your passwords are unique and that you do not reuse them. A good password consists of capital letters, punctuation marks and special characters in addition to ordinary letters and numbers. You can also use a long password phrase (passphrase). A longer phrase means more security.
Here are some tips to help you come up with and manage a strong password.
- Create a passphrase instead of a password. Choose a secret phrase that only you know. This is often easier to remember than a complex password. An example of this is: "Because I want to use the internet safely = this is my password!".
- The more characters, the better (minimum 12 is recommended).
- Use lowercase, uppercase, numbers, special characters, and spaces.
- Never use obvious words or sequences, such as the name of your partner or children, or the most common passwords such as 12345, qwerty, or welcome01.
- Do not create a password that is similar to one of your other passwords. If your old password is "BunnyRabbit12", do not create a new password that is very similar, for example "BunnyRabbit34". This is easy to guess, and therefore not strong enough. So, think of something completely different.
- Use a password manager. This means you only have to remember a single, strong password or passphrase and all your other passwords will be stored securely.
- Choose words that are not on password blacklists (such as ‘password’ or ‘admin’).
- Make sure the password or passphrase does not contain any personal information (for example, your child's date of birth or your partner's name).
- Do not use a company name or an abbreviation in your password.
- Do not use passwords that correspond to easy-to-guess formats such as calendar dates, licence plates, or phone numbers.
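The checkable tips above (length, blocklists, personal or company terms, easy-to-guess formats, similarity to an old password) can be turned into an automated check. This is an added example, not part of the original page; `check_password`, the small blocklist, the two format patterns and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample blocklist; a real check would load a large list of common passwords.
BLOCKLIST = {"password", "admin", "12345", "qwerty", "welcome01"}

# Easy-to-guess formats from the tips: calendar dates and phone numbers.
# Licence plates differ per country and are left out of this sketch.
FORMAT_PATTERNS = {
    "calendar date": re.compile(
        r"\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}|(?<!\d)(?:19|20)\d{6}(?!\d)"),
    "phone number": re.compile(r"(?<!\d)\+?\d{9,15}(?!\d)"),
}

def _skeleton(password):
    """Lowercase and drop digits, so 'BunnyRabbit12' and 'BunnyRabbit34' compare equal."""
    return re.sub(r"\d+", "", password.lower())

def check_password(candidate, old_passwords=(), personal_terms=(), min_length=12):
    """Return the list of tips the candidate violates; an empty list means it passes."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Whole-password match, so a long passphrase may still contain a common word.
    if lowered in BLOCKLIST:
        problems.append("on the blocklist of common passwords")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal or company term '{term}'")
    for name, pattern in FORMAT_PATTERNS.items():
        if pattern.search(candidate):
            problems.append(f"contains a {name}")
    for old in old_passwords:
        ratio = SequenceMatcher(None, _skeleton(candidate), _skeleton(old)).ratio()
        if ratio >= 0.8:  # assumed threshold for "very similar"
            problems.append("too similar to a previous password")
            break
    return problems

if __name__ == "__main__":
    for pw in ("welcome01", "BunnyRabbit34",
               "Because I want to use the internet safely = this is my password!"):
        print(repr(pw), "->", check_password(pw, old_passwords=["BunnyRabbit12"]) or "ok")
```

The old passwords are compared in memory only for this illustration; a service that stores password hashes can only run the similarity check at change time, when the user supplies the current password.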
Choosing a strong password is not enough. Also make sure you handle your passwords securely.
Safe handling of your passwords
Improper use of a password can result in others gaining access to your personal or business information. Of course, you do not want the competition to copy your customer and financial data, or for a cybercriminal to steal your company data and thereby commit identity theft.
- Do not give your password to anyone. Not even if a company asks for it.
- Do not let anyone watch you type your password.
- Use different passwords for different services.
- Change your passwords if you suspect they are known somewhere. For example, if a website of a service you use has been hacked.
- Do not leave your password lying around your computer, on your desk, or on your calendar. Never put a password in an email.
- Do not store your passwords unsecured on your computer. Encrypt the file or use a password manager.
- Generate all passwords with the password generator of your password manager.
- There is nothing wrong with writing down your password manager’s password and hiding it somewhere at home. Just do not write what it’s for. You know that yourself.
- Do not save passwords in the browser.
- Make sure you have a well-secured computer, smartphone, or tablet by providing it with the latest updates.
Set up multi-factor login
With a 2-factor or multi-factor authentication login (2FA or MFA), you add an extra layer of security to your login process. To log in, for example, you first use a PIN and then a fingerprint. Or you use a password first, then a numeric code received via another device. Many major systems and applications support this login method, which makes it a lot harder for cyber attackers to break in.
Read more about 2-Factor Authentication.
Use a password manager
Create different passwords for different services and devices. This way, if your password becomes known, you avoid all your accounts suddenly being accessible. A password manager can manage your passwords securely and centrally for you. Many password managers generate strong passwords for you themselves. This makes it easy for you, as you do not have to create and remember them yourself.
The tips below can help you choose the best password manager and use it responsibly.
Application availability
Because most entrepreneurs regularly use passwords, it is useful if you can look up these passwords quickly and easily. Because password managers are usually available as applications for your mobile phone, computer, and web browser, you always have them at hand and in many cases they can even fill in the password automatically for you. Therefore, when choosing a password manager, pay attention to whether applications are available for the browser, phone, and operating system you are using.
Online and offline password managers
Many password managers store your login details in the cloud. This means you only have to log in to access your vault. This is user-friendly and works on different devices. If you prefer to decide for yourself where to keep the vault and how to secure it, you can opt for an offline password manager. An offline password manager stores the vault on your device. You can only access your passwords if you have access to the device on which you store this vault.
Free or paid
Password managers come in both paid and free variants. In many cases, paid versions offer extra functionality or ease of use, such as being able to store payment details or the possibility to check whether your passwords have been part of a data breach. This differs per password manager, so take a good look at which functions add value within your company. A free variant can perfectly meet your needs and be a good first step to start with a password manager. It is wise to find out what the revenue model is for a free password manager; how are they making money? In some cases, free trials of paid password managers are also available.
Automatic login and two-factor authentication
Some password managers offer the option to log in automatically. When you open a certain website or application, your username and password are automatically entered. This offers extra user convenience, because you only have to log in once. Your password manager then automatically logs you in to applications or websites you visit. In addition, this also offers protection against, for example, phishing websites. Some password managers can also generate two-factor authentication codes for you. This is even more secure, because you also have to enter the generated code in addition to your password.
Share passwords
Some password managers offer the option of creating a shared password vault in addition to your personal password vault. This means that all persons who have access to the relevant vault can see the passwords in this vault. This can be useful, for example, if you want to share the password to a certain device or application in your IT environment with certain colleagues or even an entire team.
Support
When choosing a password manager, find out what support the password manager offers and what support you need. Many paid password managers offer help if you have any questions. Please note that support often cannot help you in case of a forgotten password. So, it is very important that you remember, write down, and store your master password or passphrase in a safe place.
Risks
Be aware of the risks of using a password manager. If a hacker were to gain access to your password manager, he would immediately have all the passwords at his disposal. This underlines the importance of choosing a strong master password for your password manager.
Change your password after a hack or data breach
If you suspect that your password has been compromised or your data has been part of a data leak, you can easily check this yourself. You can do this on the police website Check Your Hack (in Dutch) or check if your data is in the huge dataset of leaked data on HaveIbeenPwned. Do your details appear here or are you sure your data has been compromised? Then change your password immediately and (if you have not done so already) set up 2-factor authentication. Do this especially for accounts that give access to your email and for important business accounts. Be careful not to become too predictable when choosing a new password. For example, do not choose consecutive passwords like ‘welcome1’, ‘welcome2’ and ‘welcome3’. And certainly do not use passwords you have already set up for another service.