As hacking tools become more and more powerful, it’s more crucial than ever to maintain good password habits – or fix weak spots. World Password Day is a good reminder to share best security practices with friends or family or see if you’re on top of everything yourself. Here are 8 important ways to check passwords and improve security.
Table of contents
We’ve seen a few reports recently highlighting how strong hacking tools are becoming and how weak the average password is, particularly with the latest AI.
A study from NordPass this week revealed the 200 most common passwords in 30 different countries. And in the US, 83% of them can be cracked in “less than a second.”
8 important ways to check passwords and improve security
See your reused and compromised passwords
- Most password managers including Apple’s built-in one for iOS and macOS include security recommendations that highlight which of your passwords are reused across websites or have been compromised in a data leak
- On iPhone head to the Settings app > Passwords > Security Recommendations at the top
- 1Password has a whole Security Audit feature that’s very helpful and on iPhone, compromised website or password warnings usually appear at the top
- If you have a different password manager, look for its security checkup features
- Now update any reused or compromised passwords with strong auto-generated passwords, more on that below
- Don’t forget to revisit your security recommendations regularly
Pro tip: To avoid overwhelm, aim to update one or two of these each day if the list is long – but make sure to start with the most sensitive accounts like financial ones, etc.
And if for some reason you’re not using a password manager already, you need to start 😁. 1Password is an industry leader and has great support resources to get started. It’s also a feature-rich app and service across platforms and devices but does require a subscription.
If you’d like to go for a free option, Apple’s built-in Keychain works great and if you’re using iCloud Keychain, that’s end-to-end encrypted.
Auto-generate passwords
- When creating new passwords or updating passwords, make sure to use auto-generated passwords through your password manager
- Make the auto-gen passwords as long as a website or service will allow for the greatest security
2FA/MFA – and avoid SMS
- For any accounts that support it, turn on two-factor authentication (2FA) or multi-factor authentication (MFA)
- Avoid using SMS-based 2FA/MFA as it is vulnerable to SIM swap attacks
1Password, Apple, and most password managers feature 2FA verification code support. Here’s how it works on iPhone now:
Don’t manually enter your passwords in public
- This might sound obvious or new, but a growing attack is malicious parties watching users enter their iPhone passwords in public places like bars, malls, etc. then stealing the device right out of their hands
- Fortunately, this is easy to protect against, don’t manually enter your password in public places – instead rely on Face ID or Touch ID or cover your screen if you must manually enter a password/passcode
Don’t use public WiFi or public charging stations
Two more easy ways to stay secure, avoid public WiFi networks, and don’t use public charging stations:
Physical security keys
Apple Advanced Data Protection
At the end of 2022, Apple announced and first launched Advanced Data Protection in the US with more countries arriving in 2023. Now 23 categories of iCloud data feature end-to-end encryption when the feature is enabled.
Check out how it all works and how to turn it on in our full guide:
Passkeys – a passwordless future
While a full-on passwordless future is still some ways out, passkeys is the most likely path that will take us there.
As a refresher, Passkeys is a technology made through the FIDO Alliance – a partnership with between Apple, Google, Microsoft, and more. The idea is to move away from traditional passwords and sign in with secure authentication methods such as facial recognition or biometrics without ever having to create or type a passcode.
Apple has passkeys support built into macOS Ventura and iOS 16 but support from websites and services is still minimal.
However, Google has started rolling out passkey support to sign into accounts. And my colleague Filipe just sat down with 1Password’s CEO to discuss it more in-depth. But keep in mind, while support is starting to roll out slowly for services, standard passwords aren’t going to be eliminated soon.
FTC: We use income earning auto affiliate links. More.