October is National Cyber Security Awareness Month in the U.S. Throughout the month, we will send you tips and best practices on a different cybersecurity topic. Today's topic is Password Strength.
Passwords are the most common method of authentication, but remembering a unique password for each account you have can be a pain. However, it's critical to manage your passwords sensibly to prevent an account breach. Modern hacking tools can cycle through every possible eight-character password containing mixed-case letters, numbers, and symbols in only a few hours. We recommend the following best practices for creating and managing passwords to help protect your accounts from a cyber-attack:
- Make passwords as long as possible. Some clients we work with require 24 characters. Consider using longer passphrases.
- Include special characters, not just letters and numbers.
- Do not use dictionary words, even when combined with a number. Avoid commonly used words like “password” and “welcome.”
- Do not allow exemptions for password length or expiration, even for senior management and IT administrators.
- Do not re-use passwords.
- Do not use your email password for any other account.
- Enable two-factor authentication whenever possible.
- Do not store passwords in an easily accessible location, such as a file on your computer or a note on your desk or computer screen. We have seen cases where stolen, unprotected password files from key staff members have resulted in financial losses for firms.
- Use a password manager application to generate and securely store multiple complex passwords.
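
Several of the tips above (length, special characters, dictionary words combined with a number, and re-use) can be checked automatically when a password is set. The following Python example is added here and is not part of the original tip sheet; the 16-character minimum, the short word list, and the PBKDF2 round count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

# Assumptions for this example (not from the original tip sheet):
MIN_LENGTH = 16            # hypothetical floor; the tips only say "as long as possible"
PBKDF2_ROUNDS = 100_000    # illustrative work factor for the re-use history
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "sunshine"}  # constructed sample list


def history_entry(password, salt=None):
    """Return (salt, hash) so old passwords can be compared without storing them."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """True if the candidate matches any salted hash in the history."""
    return any(
        hmac.compare_digest(history_entry(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password, history=()):
    """Return a list of the tips the candidate password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special character")
    # Strip digits and symbols from both ends so "Welcome123!" reduces to "welcome".
    # A multi-word passphrase is not reduced to a single word and is not flagged.
    core = password.strip(string.digits + string.punctuation).lower()
    if core in COMMON_WORDS:
        problems.append("dictionary word")
    if is_reused(password, history):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    old = [history_entry("Welcome123!")]  # constructed sample history
    for candidate in ("Welcome123!", "password2024", "plum-Garage7-violin-echo"):
        print(candidate, "->", check_password(candidate, old) or "ok")
```
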
If you have any questions about passwords or other cybersecurity measures, please contact us at firstname.lastname@example.org.
For more information about National Cyber Security Awareness Month, visit the U.S. Department of Homeland Security website.