Cybersecurity Awareness: Strong Passwords
In this blog
Passwords are the keys to your digital castle. Just like your house keys, you want to do everything you can to keep your passwords safe.
Passwords are a common form of authentication, and proper password hygiene is as important as proper personal hygiene. There are several programs attackers can use to help guess or crack passwords. Choosing strong passwords or passphrases and keeping them confidential can make it more difficult for an unauthorized person to access sensitive or private information.
Long, Unique, Complex
- Long: Passwords must be at least 14 characters long.
- Unique: Each account must be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secure. We're talking really unique, not just changing one character or adding a "2" at the end. To really trick hackers, none of your passwords should look alike.
- Complex: Each unique password must be a combination of upper case letters, lower case letters, numbers and special characters (like >,!?). Again, remember each password must be at least 14 characters long.
How often should I change my password?
If your password is long, unique and complex, you don't need to change it unless you become aware that an unauthorized person is accessing that account or the password was compromised in a data breach.
This recommendation is backed up by the latest guidance from the National Institute of Standards and Technology. For many years, cybersecurity experts told us to change our passwords every few months. However, this constant change isn't helpful if your passwords are long, unique and complex. If you change your passwords often, you risk reusing old passwords or falling into bad habits of creating similar or weak passwords.
Remembering is so hard!
You probably have a lot of online accounts. And because all of your passwords must be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords remains the best way to keep all of your digital accounts safe.
Don't pass on password managers
Today, the truth is that you don't have to remember your passwords. Using the latest tools, you don't need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault. There are many free and easy-to-use tools out today that make managing your library of unique passwords a snap. Conducting thorough research to select the proper tool for you does not take much extra time but could save you a lot of headaches later!
Protect personal information. The identity saved could be your own.
Did you know?
Those cute little question surveys posted on Facebook are your friendly neighborhood cyber criminals' favorite thing in the world! What was your first car? Where did you go to high school? What was your first pet's name? All of those questions are frequently used as security questions to reset passwords. Please don't put this information out where everyone can see it!
Have I been what?
Haveibeenpwned.com is a free, secure website where users can search for an email address or a phone number to see if it has been involved in any breaches. A listing of any applicable breaches involving your information will be shown. You should pay close attention to the compromised data for each breach. In the Chegg data breach of 2018, passwords and email addresses were compromised. Poor password hygiene, like reusing the same password across multiple platforms, could leave users vulnerable to breaches across other accounts.
For more information, check out these resources: