You should actually ignore ’90 day’ password rule – as experts warn ‘myth’ is easy way to become instant ‘victim’
WHILE they may seem like helpful tips, several “password myths” are actually dangerous mistakes.
This includes the ’90 day’ rule, which encourages users to change their passwords every 90 days.
Experts say you should only change your login credentials when necessary, as the repetition can lead to weak or reused passwords.
Only change your passwords after learning that your login credentials have been compromised.
Another myth claims a minimum of 12 characters is effective, but experts say this is no longer sufficient.
Rather, a strong password should have at least 16 characters and contain a healthy mix of uppercase and lowercase letters, numbers, and special characters like exclamation points or dollar signs.
Avoid names, birthdays, and other personal information that is easy to find online. Inexperienced hackers often rely on details like these to crack into accounts.
It is also vital that you don’t repeat passwords across multiple sites.
Once criminals gain access to login credentials exposed in a data leak, they can use them repeatedly and gain access to multiple accounts at once.
Experts also discourage users from creating passwords that are nearly identical, save for slight variations like extra numbers of symbols.
If you’re struggling to devise strong and unique passwords, there is an easy solution.
Cybersecurity companies like Keeper Security and McAfee offer free password and passphrase generators.
The output is based on details you provide like desired password length and the number of letters and other characters.
If you worry about keeping track of all your login credentials, feel free to use a password manager, which keeps your information under lock and key.
This way, you only need to remember one password to access the rest of your login credentials.
Beyond just using strong passwords, you should enable passkeys whenever you can.
A passkey allows you to log in using biometric information like a fingerprint or face scan.
This makes it nearly impossible for a hacker to breach your accounts, as biometrics are unique to you.
Users are also discouraged from repeating passwords across websites, which allows hackers to breach your accounts in one fell swoop[/caption]Amazon is just one retailer that has started allowing users to sign in with passkeys.
The company unveiled the measure in October 2023, promising “an easy and more secure way to sign in to your Amazon account.”
You should also enable multi-factor authentication (MFA) on sites that allow it.
MFA requires you to prove your identity in two or more ways before accessing your accounts.
This often entails sending a code to your email address or phone number, meaning the devices serve as another authenticator.
How to protect yourself from cyberattacks
Here’s what Mackenzie Tatananni, science and technology reporter at The U.S. Sun, has to say:
It is important to have security in mind anytime you navigate the internet or sign onto your devices. Just because you don’t have anything to hide, this doesn’t mean you want strangers spying on your activity. (Yes, this includes your internet service providers!)
I am a big proponent of VPNs, or virtual private networks, which encrypt (or “scramble”) your data to make it nearly impossible to intercept.
I am also a huge fan of the Tor Browser, though I understand this is not for everyone and can be difficult to navigate for first-time users. (I’ll admit it’s also not very practical, considering most websites are not indexed on the dark web.)
I find some of the NSA’s tips extremely helpful and abide by them myself. For instance, the agency recommends installing a minimal number of applications and only ones from official application stores.
In addition to saving phone storage, this is an effective security measure – most, if not all, apps will track you. While no one is truly defenseless against a malicious actor, there are small steps you can take to protect yourself.
This includes turning off location services for the apps you use (preventing geolocation) and managing other settings, including which apps have access to your photos and other data, in your phone’s Settings section.