Use strong passwords
Make sure your password is 'strong'. A strong password is hard to guess and difficult for a computer to crack. In addition to regular letters and numbers, a good password also consists of capital letters, punctuation marks, and special characters such as #@&%. You can also use a long sentence, known as a passphrase. These are easier to remember. The longer the sentence, the safer. An example of a good passphrase is: “The Great Red Bookcase Walks 17KM?”.
A strong password is hard to guess and difficult for a computer to crack. Here are a few tips to help you create a strong password.
Choosing a strong password is not enough. Also make sure you handle your passwords securely.
- Create a passphrase instead of a password. Choose a secret phrase that only you know. This is often easier to remember than a complex password. An example of this is: "Because I want to use the internet safely = this is my password!".
- The more characters, the better (minimum 12 is recommended).
- Use lowercase, uppercase, numbers, special characters, and spaces.
- Never use obvious words or sequences, such as the name of your partner or children, or most common passwords such as 12345, qwerty, or welcome01.
- Do not create a password that is similar to one of your other passwords. If your old password is "BunnyRabbit12", do not create a new password that is very similar, for example "BunnyRabbit34". This is easy to guess, and therefore not strong enough. So, think of something completely different.
- Use a password manager. This means you only have to remember a single, strong password or passphrase and all your other passwords will be stored securely.
- Choose words that are not on password blacklists (such as ‘password’ or ‘admin’).
- Make sure the password or passphrase does not contain any personal information (for example, your child's date of birth or your partner's name).
- Do not use a company name or an abbreviation in your password.
- Do not use passwords that correspond to easy-to-guess formats such as calendar dates, licence plates, or phone numbers.
Choosing a strong password is not enough. Also make sure you handle your passwords securely.
Safe handling of your passwords
Improper use of a password can result in others gaining access to your personal or business information. Of course, you do not want the competition to copy your customer and financial data, or for a cybercriminal to steal your company data and thereby commit identity theft (in Dutch).
- Do not give your password to anyone. Not even if a company asks for it.
- Do not let anyone watch you type your password.
- Use different passwords for different services.
- Change your passwords if you suspect they are known somewhere. For example, if a website of a service you use has been hacked.
- Do not leave your password lying around your computer, on your desk, or on your calendar. Never put a password in an email.
- Do not store your passwords unsecured on your computer. Encrypt the file or use a password manager.
- Generate all passwords with the password generator of your password manager.
- There is nothing wrong with writing down your password manager’s password and hiding it somewhere at home. Just do not write what it’s for. You know that yourself.
- Do not save passwords in the browser.
- Make sure you have a well-secured computer, smartphone, or tablet by providing it with the latest updates.
Use a password manager
Create different passwords for different services and devices. This way, if your password becomes known, you avoid all your accounts suddenly being accessible. A password manager can manage your passwords securely and centrally for you. Many password managers generate strong passwords for you themselves. This makes it easy for you, as you do not have to create and remember them yourself.
Password managers: digital safe for your login details
A password manager is a useful tool for creating secure passwords and remembering them for you. It is a digital vault that keeps all your login details safe for you. To open this vault, use one master password or an easy-to-remember passphrase. The advantage is that you only have to remember this password or passphrase. In addition to storing passwords, a password manager can also create secure passwords for you. These passwords are long and consist of a combination of (capital) letters, numbers, and special characters. Some password managers also offer the option to securely store other data, such as notes, address information, email addresses, software licences, and payment information. In many cases, password managers are available as applications for your mobile phone, computer, and web browser.
Securing your password manager
Because a password manager is a vault that contains all your passwords and potentially other important data, it is important that you use a strong and unique master password/passphrase to protect your password manager. Make sure that you remember this password well, write it down (without indicating what it is), and store it safely. Read more tips about strong passwords (in Dutch).
If the master password is lost, you must prove that you are the owner of the vault by, for example, confirming your identity or using a backup email address or recovery function. If this does not work, in some cases you will even be completely excluded from your vault. In addition to using your master password, many password managers also allow you to use two-step verification (in Dutch). Then you do not only use the master password for logging in, but also a login code via, for example, your mobile phone. Or your fingerprint. With two-step verification, or the newer two-factor authentication, you can secure the security of your business applications.
The tips below can help you choose the best password manager and use it responsibly.
Because most entrepreneurs regularly use passwords, it is useful if you can look up these passwords quickly and easily. Because password managers are usually available as applications for your mobile phone, computer, and web browser, you always have them at hand and in many cases they can even fill in the password automatically for you. Therefore, when choosing a password manager, pay attention to whether applications are available for the browser, phone, and operating system you are using.
Online and offline password managers
Many password managers store your login details in the cloud. This means you only have to log in to access your vault. This is user-friendly and works on different devices. If you prefer to decide for yourself where to keep the vault and how to secure it, you can opt for an offline password manager. An offline password manager stores the vault on your device. You can only access your passwords if you have access to the device on which you store this safe.
Free or paid
Password managers come in both paid and free variants. In many cases, paid versions offer extra functionality or ease of use, such as being able to store payment details or the possibility to check whether your passwords have been part of a data breach. This differs per password manager, so take a good look at which functions add value within your company. A free variant can perfectly meet your needs and be a good first step to start with a password manager. It is wise to find out what the revenue model is for a free password manager; how are they making money? In some cases, free trials of paid password managers are also available.
Automatic login and two-factor authentication
Some password managers offer the option to log in automatically. When you open a certain website or application, your username and password are automatically entered. This offers extra user convenience, because you only have to log in once. Your password manager then automatically logs you in to applications or websites you visit. In addition, this also offers protection against, for example, phishing websites. Some password managers can also generate two-factor authentication codes for you. This is even more secure, because you also have to enter the generated code in addition to your password.
Some password managers offer the option of creating a shared password vault in addition to your personal password vault. This means that all persons who have access to the relevant vault can see the passwords in this vault. This can be useful, for example, if you want to share the password to a certain device or application in your IT environment with certain colleagues or even an entire team.
When choosing a password manager, find out what support the password manager offers and what support you need. Many paid password managers offer help if you have any questions. Please note that support often cannot help you in case of a forgotten password. So, it is very important that you remember, write down, and store your master password or passphrase in a safe place.
Be aware of the risks of using a password manager. If a hacker were to gain access to your password manager, he would immediately have all the passwords at his disposal. This underlines the importance of choosing a strong master password for your password manager.
Change your password regularly
If you suspect or are sure that your password has been lost or is known to others, change it immediately. Especially the important passwords that give access to your email and corporate accounts. Be careful not to become too predictable when choosing a new password. For example, do not choose consecutive passwords such as 'jack1', 'jack2', 'jack3' or 'jack', 'jack12', 'jack123', 'jack1234'. And certainly do not use passwords that you use for another service or device.