In this multi-part series, we’ll look at what organizations can do to improve corporate cybersecurity as part of October’s Cybersecurity Awareness Month. In this blog, our focus is using strong passwords.
Passwords and passcodes are now required on almost all devices, accounts, and systems. Making sure you use strong passwords will help keep you safe. We’ll look at what strong passwords are and how to go about using them.
Password security starts with creating a strong password. A strong password is:
- At least 12 characters long, but 14 or more is better.
- A combination of uppercase letters, lowercase letters, numbers, and symbols.
- Free of words that can be found in a dictionary and of the names of people, characters, products, or organizations.
- Significantly different from your previous passwords.
- Easy for you to remember but difficult for others to guess. For example, consider a memorable phrase like “6CatzRLo0king^”.
You can also use passwords suggested by browsers or password managers, which we’ll discuss later.
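The criteria listed above can be checked automatically when a password is set or changed. The following Python checker is an added example, not code from the original post; the word list, the character-substitution table, and the 0.7 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample word list (assumption); use a real dictionary and
# name list in practice.
WORDLIST = ("password", "welcome", "dragon", "sunshine", "admin")
# Undo common character substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
SIMILARITY_LIMIT = 0.7  # assumed threshold for "significantly different"


def normalize(pw):
    """Lowercase the password and reverse common substitutions."""
    return pw.lower().translate(LEET)


def check_password(pw, previous=()):
    """Return the criteria that pw fails; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    plain = normalize(pw)
    for word in WORDLIST:
        if word in plain:
            problems.append(f"contains the common word '{word}'")
    # Compare against earlier passwords supplied by the user at change time.
    for old in previous:
        ratio = SequenceMatcher(None, plain, normalize(old)).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed inputs; the first is the example phrase from the post.
    for candidate in ("6CatzRLo0king^", "P@ssw0rd2024!x", "admin"):
        print(candidate, "->", check_password(candidate) or "passes")
```
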
Once you’ve created strong passwords, you’ll have to make sure you’re using them properly. For example, you’ll never want to share the passwords with anyone. Also, you’ll want to have a unique password for each device, application, and website. Next, you’ll want to be sure to change all default passwords on systems and devices. Some devices have been hacked because they come from the factory with default credentials like admin/admin and never prompt the user to update the password during first login.
You can also use browsers to learn about your password hygiene. For example, macOS users can set Safari to let them know when passwords need to be changed because they are being reused or have been compromised.
To check on this, go to Safari > Preferences > Passwords. Here you can enable “Detect compromised passwords”.
If the password is compromised, you will be told why and be given the option to change and update the offending password.
Another bit of password hygiene to keep in mind: when you learn about a breach, either through the news or from a notification email from a website, change your password immediately. You never want to ignore this information and assume you are okay because you haven’t noticed any issues. This is especially important if you reuse passwords, as these stolen credentials are often sold to attackers, who use them to get into high-value websites.
Lastly, password managers may be used. A password manager is an app or a service that helps you generate and store long, unique passwords for all your online accounts. Your organization may provide one for you, or you may find one that’s free. However, excellent products like 1Password or LastPass can be had for relatively little money, and these usually provide the best user experience across mobile and desktop.
For fun, you may want to check out https://bitwarden.com/password-strength/ – this website lets you know how long it would take to crack your password. Be sure not to enter real passwords that you intend to use. It may sound paranoid, but it’s better to be safe at all times.
Stay tuned for Part 4 in our series.