Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the blog archives!
Over the years, we’ve all heard it time and time again: create strong passwords! It's why you're left scratching your head trying to remember exactly what your Amazon password is, because you keep having to reset it. Creating a strong password might seem like a tedious task that eats up valuable time in our busy lives, but having a complex and secure password is one of the most important ways to protect yourself against malicious activity online.
In this blog post, we will review why creating strong passwords both at work and at home is essential for better security, and provide some tips on how to generate good passwords you can use anywhere. Read on for the best practices behind a good password, plus password managers, SSO, and MFA as a second layer of protection!
Introducing the Power of a Good Password
Let's face it, we've all used "1234" or "password" at some point in our online lives. But what if I told you that your password is your first line of defense against online attacks? If you're the kind of person who always wants to write their own passwords, then take some time to craft a strong password with a mix of upper and lowercase letters, numbers, and special characters.
We'll get into best practices below. You can even use a password manager like 1Password or Chrome's built-in password manager to generate strong passwords for you, which we'll also discuss.
Who Ya Gonna Call For Strong Password Advice? Ghostb- Wait, No, It's Uncle Sam
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. It was founded in 1901 and its primary mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology.
NIST is responsible for developing and maintaining a wide range of technical standards, including those for physical, chemical, and biological measurements, as well as for cybersecurity and information technology. The NIST recommendations for passwords are considered the gold standard by many, so we will draw on those guidelines for password best practices:
How to pick a secure password:
- Size matters: It's recommended to use passwords that are at least eight characters long, but really the longer the better. If you want to create a more secure password, make it at least 12 characters. Using a passphrase is an easy way of generating long, secure passwords. For example, instead of "Ireland!2023" you could use "IlovetravelingtoIreland!2023". This password would be much more difficult for an attacker to guess or brute force.
- Avoid repeated or consecutive characters, such as ending a password in 123 or including a run like abcd. Humans tend to think alike, so we all tend to use tricks like this at some point. Simple passwords may be easy to remember, but those password123 situations aren’t worth it in the long run.
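To make the two rules above concrete, here is an added example (not code from the original post) of a small checker that applies them: a minimum of 8 characters with 12+ treated as strong, no repeated runs like "aaa", and no consecutive sequences like "123" or "abcd". It also estimates the brute-force search space in bits, which is the reason the longer passphrase from the example beats "Ireland!2023"; the thresholds and the run length of 3 are assumptions taken from the text, not NIST's exact wording.

```python
import math
import string

# Thresholds taken from the two rules above; treating 12 as "strong" is this post's suggestion.
MIN_LENGTH = 8
STRONG_LENGTH = 12


def has_repeated_run(password: str, run: int = 3) -> bool:
    """True if any character appears `run` or more times in a row (e.g. 'aaa')."""
    count = 1
    for prev, cur in zip(password, password[1:]):
        count = count + 1 if cur == prev else 1
        if count >= run:
            return True
    return False


def has_sequential_run(password: str, run: int = 3) -> bool:
    """True if `run` or more characters step by +1 or -1 in a row ('123', 'abcd', 'cba')."""
    for i in range(len(password) - run + 1):
        chunk = password[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def search_space_bits(password: str) -> float:
    """Rough brute-force cost in bits: length * log2(size of the character classes used)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(size) if size else 0.0


def check_password(password: str) -> list:
    """Return rule violations as messages; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    elif len(password) < STRONG_LENGTH:
        problems.append(f"under {STRONG_LENGTH} characters; longer is better")
    if has_repeated_run(password):
        problems.append("contains a repeated character run (e.g. 'aaa')")
    if has_sequential_run(password):
        problems.append("contains a consecutive sequence (e.g. '123' or 'abcd')")
    return problems
```

Both example passwords from the text pass the rules, but the passphrase has more than twice the search space, while "password123" trips the consecutive-sequence rule.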
What are ways to prevent social engineering attacks?
Every Hero Needs a Sidekick and Your Password is No Exception: 2FA/MFA, Password Managers, SSO
As with all scams, practicing proper cyber security awareness is key. Your company should ensure employees are educated on how to spot malicious activity (feel free to send this blog to your whole company). Companies can implement training and simulations or drills to get employees used to looking out for the common scam techniques, prompting them to double-check whom they are dealing with and use multi-factor authentication when transferring sensitive information. Additionally, ensuring employees have strong passwords and backup authentication methods like 2FA or MFA in place will help protect against unwanted visitors trying to exploit people.
- Utilize 2FA or MFA: Two-Factor Authentication is a security layer to protect your account from potential cyber threats. It adds an extra step in the login process by requiring additional verification such as a code sent via text message or email before allowing access to your account.
Free apps such as Google Authenticator or Microsoft Authenticator are quick to set up and make it easy to access MFA codes.
- Use Password Managers: Password managers are programs that store the passwords for all of your accounts in one secure location, usually protected with strong encryption. They are unlocked with a master password designed to be extremely secure.
The password manager account itself should have MFA enabled to protect the passwords for all the other accounts. One strong password to rule them all. We wanted to write "you shall not pass" in Elvish here but our editor said we were nerds.
- SSO: Single Sign-On (SSO) is another security measure that can be used to protect your data in combination with MFA. SSO allows a user to sign in once and then access multiple applications or services without needing to enter additional credentials for each one.
MFA should be used alongside SSO so that an attacker who obtains one set of credentials can’t sign on once and reach every connected app.
Conclusion: Stop Using Password123
We see you, Greg. No shame. We used to do it, but with knowledge comes power, and you're equipped to approach your passwords better than ever. There is a world where you can create passwords that work for you.
Liked this? Have strong feelings about Elvish being left out of cybersecurity articles and believe that blog writers should campaign for more Middle Earth content? You can find out more about Cybermaniacs here.
If you're curious about talking to someone about cybersecurity training that actually works: We can help.