Today, the vast majority of websites require a user ID and password. Consequently, this has created two major issues 1) data breaches at organizations’ websites, large and small, and 2) password fatigue for users who manage too many passwords. Just look at the Yahoo! data breach that compromised more than 500 million credentials. And the worst part is the fact that the breach is still affecting unrelated sites because Yahoo! users recycled the same password.

This comes as no surprise since the burden of managing dozens of secure passwords is simply too much for most users. We’re all guilty of having a sense of invincibility that leads us to believe our data will never be compromised. However, the reality is that we’re all at risk and need to be more vigilant when it comes to protecting our online identities. So until we live in a password-free world, here are the five best practices for password protection:

  1. Most importantly, use a federation access service when possible. Take advantage of being able to use the credentials you frequently use and trust. For example, SecureKey Concierge, OpenID, Facebook Connect, etc.
  2. Organize your password lists into three distinct groups:
    1. The passwords you really care about: where loss of control could affect your finances or reveal information that would harm you. For example, your bank, financial and health services, and your primary email account.
    2. The passwords you “kind of” care about: where losing them is a hassle but doesn’t compromise critically private information. For example, social media sites or a utility company.
    3. Passwords for sites you do not care about or forgot about: like small ecommerce sites, chat forums, etc.
  3. Ensure your passwords are at least 15 characters long and include uppercase and lowercase numbers with special characters. The longer, more complex the passwords are, the least likely they can be hacked.
  4. Make sure to enable two-factor authentication whenever possible so a rogue cannot take over your account without access to your phone as well. Lastpass and Dashlane are good examples, but there are others. This is a stop-gap measure, but it’s better than trying to do it by memory, brute force or by a paper list.
  5. Do NOT recycle passwords, no matter how convenient it may be.

Although these simple, effective practices cannot make you invincible, they’ll definitely increase your security and lower your risk.