Cybersecurity Tuesday Tip: Use strong passwords

Cybersecurity Tuesday Tip: Use strong passwords

By Travis Thompson, ATSSA Director of Information Technology

Travis Thompson

Is your password “password1”? Or maybe “123456”? If so, your password is among the world’s most common passwords and would take less than one second for bad actors to crack.

Even if your password isn’t that simple – perhaps one that uses a family member’s birth date, a pet’s name or references a TV show – it can easily be broken by bad actors.

This month, which is Cybersecurity Awareness Month, we’re offering tips each Tuesday to help protect businesses from cyber threats. Last week, we offered warnings about phishing. Today we look at using strong passwords.

To protect your business and personal accounts from bad actors, it is critical to use strong passwords. Here are a few ways to make your passwords stronger:

1. Use Long Passwords: Passwords should be at least 16 characters. The longer the password, the better the password!
2. Use Random Passwords: There are two ways to create random passwords.

Use a random string of mixed-case letters, numbers and symbols.

• Good: yok2m3tcvov92g8o
• Better: ybPkp#$AQ9pQN8Tq
• Best: &!kHXF5b!LW6NUQjFxQMgnA7Rd

Use a memorable passphrase of 4-7 words. For an even stronger password, add at least one character, one number and use mixed-case letters.

• Good: chitchatembattledregally
• Better: Shrimp-Animation-Respect1
• Best: Attain5.Silliness.Undoing.Elephant.Dose

3. Use Unique Passwords: Every account – both at home and at work – should have its own unique password. Never use the same password on more than one account.

• Business Email: Appeasing.Zap2.Nucleus.Arbitrate.Alumni
• Personal Email: 7@*NteF@Nj&c!4z2sLMZtiQyn
• Business Bank: Skillful4.Stubborn.Cautious.Landmark.Dagger
• Personal Bank: mf88doN*Xfa##&^Zi^V@4yi7k
• Business Social Media: @ZJ7on%An7vt@AiqH9ikvwpd$
• Personal Social Media: Prewar.Avenge5.Cloud.Smother.Zealous

4. Use a Password Manager: You are probably thinking, “This sounds great, but how am I supposed to remember these crazy passwords?!?!” The good news is,– you don’t need to! Well, you only need to remember one – the one you use for a password manager. Password managers save your passwords and fill in the password when you login. Today, most common browsers include a password management feature. This is a great place to start. For even more security, consider using a paid password manager that uses zero-knowledge encryption. This ensures that you and only you can access your passwords. To find a password manager, ask your IT department for direction or seek out trusted sources of information.

For business leaders, it is imperative that you not only protect your accounts, but also that you ensure that your employees’ accounts are also protected with strong passwords.

Here are three simple steps, based on guidance from the federal government’s Cybersecurity and Infrastructure Security Agency (CISA), to protect your business:

1. Require Strong, Unique Passwords: Enforce password policies that require strong passwords are used only for one account. Discuss with your Information Technology leader configuring settings to require passwords to meet certain complexity and length standards.
2. Provide a Password Manager: A good enterprise password manager with zero knowledge encryption stores and fills in passwords automatically so employees only need to remember one strong password—for the password manager itself.
3. Change Default Passwords: Require that default passwords be changed on all software and hardware products. Many hardware and software products come “out of the box” with default usernames and passwords that are easily exploited. These default passwords may be physically labeled on the device or even readily available on the internet. Require that employees change all default credentials.

A password is just the first layer of protection for your accounts.

Tune in next Tuesday for tips on using multi-factor authentication.