Passwords

Your passwords are the key to securing your systems, your accounts, and our organization. Make your shield even stronger by using passwords securely. To begin with, you want to create and use only strong passwords. Cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at it. This means they can compromise your passwords if they are short or easy to guess, such as your pet’s name. The more characters your password has, the stronger it is and the harder it is for an attacker to guess. However, long, complex passwords can be difficult to remember. To help you create strong passwords that are easy to remember and type, we recommend you use passphrases. Passphrases are nothing more than a sentence or random words. For example, you can use the passphrase:

How cold is today?

Notice how many characters this password has, yet it’s easy to both type and remember. You can make any password or passphrase even stronger by replacing a letter with a number, such as replacing the letter “o” with the number “0,” using lower and upper case letters, or adding symbols, such as spaces or punctuation. In addition to creating strong passwords, be careful how you use them. Here are several key steps that will protect your passwords.

Use a different, unique password for each of your accounts. That way, if one of your accounts is hacked and your password is compromised, your other accounts are still safe. Can’t remember all of your passwords? Consider using a password manager. This is a special program that securely stores all of your passwords for you. You only need to remember the password to your password manager. Check with your supervisor or the help desk to see if a password manager is an option you can use.

Many online accounts offer something called two-step verification. This is where you need more than just your password to log in, such as codes sent to your smartphone or codes generated by a token. Whenever possible, always enable stronger authentication methods like these. Solutions like two-step verification are one of the most effective steps you can take to protect your accounts.

Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password, it is no longer secure.

Do not use public computers, such as those at hotels or libraries, to log in to sensitive accounts, such as those at work or your online bank account. Since anyone can use these computers, they may be infected with malware that captures all of your keystrokes. Only log in to sensitive accounts from trusted computers or mobile devices you control.

Finally, be careful of websites that require you to answer personal questions. These questions are used if you forget your password and need to reset it. The problem is the answers to these questions can often be found on the Internet. Make sure that if you answer personal questions you use only information that is not publicly known.

If you accidentally share your password with someone else, or believe your password may have been compromised or stolen, be sure to change it immediately and contact the Service Desk.

© SANS Institute 2020