Password Security

Why do we change our passwords?

1. Prevents long-term access.

Not all successful hacks are grab and go. Some attackers continue monitoring or using your account for valuable info that allows the attacker to compromise additional computers or accounts.

2. Reduce window for a first strike.

After a breach that exposes passwords, it may take attackers some time to get around to accessing your account. Regularly changing your password means the clock is always ticking on stolen credentials.

Best practices for passwords

1. Keep passwords private – never share or write them down.

Sharing or writing down account passwords could lead to misuse and/or get you in trouble at work.

2. Use different passwords for different accounts.

The compromise of one account should not put all others at risk.

3. Use passwords of at least 10 characters.

A 7-character password can be decrypted in minutes whereas a 10 or more character password can take years. Each character increases the combinations exponentially. Consider using passphrases instead of passwords, for example: Beach Cabinet Mosquito – A passphrase such as this is easy to remember and is improbable for a hacker to decrypt.

4. Use a mix of uppercase and lowercase letters, numbers, and special characters.

Character complexity makes it harder to guess and more difficult to target with decryption tools.

5. Avoid important names and dates in your life.

These are easily gathered and are among the first guesses of an attacker.

6. Use two-factor authentication as a safety net in case your password is exposed.

Requires a text message or authenticator app to verify your identity.

7. Use a password manager.

You’re more likely to use unique and strong passwords if you don’t have to remember all of them.

A perk of using the autofill feature of password managers is that it can tip you off to a phishing attack when you don’t see it pre-filled on a website that looks like the real site you use.

LastPass – https://lastpass.com/
KeePass – https://keepass.info/
Keeper – https://www.keepersecurity.com/
Google Password Manager – https://passwords.google.com/
Apple iCloud Keychain – https://support.apple.com/en-us/HT204085

CPPI does not endorse or recommend any particular password manager for personal use, the above listed are for example purposes only. Research and select the one that you are most comfortable using.