CYBERSECURITY FACT SHEET: Passwords and Securing Accounts

April 5, 2019

Passwords are like keys to your house.  You should do everything you can to protect your house and prevent those who wish you ill from gaining access.
 

How do I create a good password?

Remember the phrase “long and strong.” Good passwords have a minimum of 12 characters and a mix of upper and lowercase letters, numbers, and symbols. 

Better yet, say the experts at the National Institute of Standards and Technology, is to create a passphrase that uses a few normal words or phrases that have a unique association to you; words that are connected in your mind, but not the same in others’ minds. These are much easier to remember, but harder to guess (as long as your words aren’t also a grouping that is easily guessed, such as the names of your children or colors of the rainbow). Better examples might be words that come to mind when you think of your house, such as “bluecornerfamilymaple”, or your hobbies, such as “travelboatrelaxsunny”.

 

How do I ensure my password protection stays safe?

  • Never share your passwords with others.
  • It’s okay to make your passwords unique to your life, but not something that is easily guessed.
  • Have a different unique password for each account.
  • Get a password manager program to  help you remember your passwords. If you write them down, store them in a safe place away from your computer.
  • Change your passwords several times a year.

     

Are passwords the only form of protection for my account(s)?

Typing a username and password isn't the only way to identify yourself. Some web services add to their security features with with two-factor or multi-factor authentication that may include an additional form of authentication to verify your identity, such as:

  • Biometrics such as voice ID, facial recognition, iris recognition, and finger scanning.
  • A one-time security code.(usually sent via phone call or text).
  • A security key or token; a small device (most often used via a USB port or in conjunction with a smartphone) that is used when logging in.

 

In some cases, two-step and multi-factor authentication services may be available, but are not required. Ask your financial institution and other online services if they offer these methods or additional ways to verify your identity. The National Cyber Security Alliance also offers authentication tips and a guide on how to turn on strong authentication for several popular online services at https://www.lockdownmylogin.org/strong-authentication/

SOURCES: National Cyber Security Alliance, National Institute of Standards and Technology

PDF



Useful Links