April News Article

Practice Good Password Hygiene

Password hygiene is the practice of making your account passwords more difficult to guess and harder to crack. We use passwords these days for everything. They are integrated into our work lives, personal lives and practically everything we do. Think about it: we use passwords for social media, work, school, shopping, banking and so much more. Using the same password for several accounts might seem convenient, but this is the opportunity cyber criminals are waiting for.

The challenge is to create strong passwords that you can remember without reusing them across different accounts. Remember, security is our shared responsibility. The following tips will keep your passwords squeaky clean not just at work, but at home too.

Strengthen your Password 

The first step in keeping up with password hygiene is making sure you secure your accounts with a strong password. Using the following tips will boost your account security:

  • Information about you, such as your birthday, anniversary, address, city of birth, high school, and pet/family names, is easily discoverable on the internet. Don’t include this information in your password.
  • Don’t use weak password logic such as strings of letters forming a horizontal or vertical line on the keyboard.
    • Examples: qwerty, asdfghjkl, qazwsx, 1qaz2wsx, etc.
  • Don’t use the word password in your password.
  • Using a passphrase instead of a password will increase security for your account. Make sure the passphrase you choose is complex.
    • Example: Pick a line from your favorite song or quotation, but preferably not a common one.
  • Use multi-factor authentication (MFA) when it is available on your accounts. MFA adds another layer of protection in addition to your username and password. 
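
The tips above can be turned into an automatic check, for example in a sign-up form or a personal script. The Python below is an added example, not part of the original article: the function names, the US QWERTY layout and the "three keys in a line" threshold are assumptions made here. It reports which tips a candidate password breaks; an empty result does not prove a password is strong.

```python
import re

# US QWERTY layout (assumption); columns are derived by reading down the rows.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["".join(col) for col in zip(*ROWS)]           # "1qaz", "2wsx", ...
LINES = [s for line in ROWS + COLUMNS for s in (line, line[::-1])]
LEET = str.maketrans("@0$", "aos")   # extra to the article: catches p@ssw0rd


def keyboard_runs(password):
    """Return runs of 3+ keys typed along one keyboard row or column."""
    pw, runs, i = password.lower(), [], 0
    while i < len(pw):
        k = 1
        while i + k < len(pw) and any(pw[i:i + k + 1] in line for line in LINES):
            k += 1
        if k >= 3:
            runs.append(pw[i:i + k])
        i += k if k >= 3 else 1      # a 2-key pair may overlap a longer run
    return runs


def password_issues(password, personal_facts=()):
    """List which of the article's tips a candidate password breaks."""
    issues, pw = [], password.lower()
    squashed = re.sub(r"[^a-z0-9]", "", pw)
    for fact in personal_facts:      # e.g. pet name, birthday, home town
        fact = fact.lower()
        parts = re.findall(r"[a-z0-9]{3,}", fact) + [re.sub(r"[^a-z0-9]", "", fact)]
        if any(len(p) >= 3 and p in squashed for p in parts):
            issues.append("personal info")
            break
    runs = keyboard_runs(pw)
    # One long run, or a password stitched from several short ones (qaz + wsx).
    if any(len(r) >= 4 for r in runs) or len(runs) >= 2:
        issues.append("keyboard pattern")
    if "password" in pw.translate(LEET):
        issues.append("contains 'password'")
    return issues


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own bad examples.
    for candidate in ["qwerty", "qazwsx", "1qaz2wsx", "MyP@ssw0rd", "Rex2019!"]:
        print(candidate, password_issues(candidate, ["Rex", "2019-06-01"]))
```

A single three-key run such as the "wer" in "power" is not flagged on its own, which keeps ordinary words inside a passphrase from being reported as keyboard patterns.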

Avoid Reusing Passwords

This might be one of the most important tips for password hygiene. Even if you have a strong password, using a different one for each of your accounts is recommended. Think about this. What if a cyber criminal gains access to one of your accounts and you used the same login credentials for multiple accounts? If one account gets hacked, all of them could get hacked and it could be difficult to recover from that. Having the same password for all accounts makes it easy for someone to completely take over your digital life!

We know it is difficult to remember multiple passwords. Don’t worry, we have a solution for you: you could use a password manager.

Password Manager

A password manager can be used to securely store unique login credentials. Typically, all stored passwords are encrypted, and you create a master password to access the stored credentials. It keeps your passwords secure while also making them accessible to you, so you never have to worry about keeping track of dozens of different passwords.

Some password managers will generate, retrieve, and keep track of super-long, crazy-random passwords across countless accounts for you, while also protecting all your online information. Not only can you store passwords but also security questions. All information stored will be encrypted. 

There are many password managers out there to choose from (KeePass, Bitwarden, LastPass, 1Password, etc.) that you could use!

Keep your Password Under Wraps 

Keeping your password under wraps is essential. Never share a password with a co-worker, friend, or family member. They can – maybe even accidentally – pass your password along to others and abuse it. Your password should be protected and not be shared with anyone.

You should avoid putting passwords on sticky notes/paper, Excel files, etc. For example, if you put a password on a sticky note and put it on your monitor, anyone who passes by your computer could now access your account. Leaving your computer unlocked while you're away from your desk leaves all of that sensitive information available to whoever walks past. Picture this: you leave your machine unlocked and walk away. While you're away, someone comes and sits at your desk. They could open the Excel file and have access to your credentials. Think about it.

Passwords Exposed in Breaches

A data breach occurs when cyber criminals hack into an organization's database and steal sensitive information. They then expose this data on the Internet and/or post it on the dark web for other cyber criminals to harvest from. The sensitive information can include usernames/passwords, account numbers, names, home addresses, Social Security numbers, credit cards and much more. Make sure you equip yourself with the knowledge and tools to take the necessary next steps to protect yourself from another breach in the future.

Remember, breaches happen everywhere, and if one account is breached it could be like a domino effect. Say you are using the same login credentials for multiple accounts and one of the accounts is hacked in a breach. Cyber criminals could then use those credentials to log in to all of the accounts where you reused them. If one account gets hacked, all of them are now at risk if you have the same password for each of your accounts.

Do you know if you have ever been in a data breach?  If so, do you know what data was exposed? Check out haveibeenpwned.com to see if your email address was involved in a breach and what information was exposed. You can also check to see if your passwords have been exposed publicly.  If you find that your password was exposed, make sure you change it ASAP!