- We know it’s risky to reuse a password across accounts, but research shows that many of us do it anyway. We have password fatigue: we have too many accounts and it’s nearly impossible to remember complex passwords for each one.
- Fight the fatigue: password reuse is a leading cause of account compromise. Imagine that an unreported data breach on a social media site exposed your password, and you’ve used that same password at work. Suddenly, your work email account is vulnerable because it uses the now-exposed password. If you use a password across accounts, regardless of whether they are work or personal, all of those accounts become vulnerable.
#1 Create Strong & Unique Passwords
Long passwords are hard to crack, so make your passwords at least 15 characters long. These tips can help you create longer passwords that are easier to remember. Try to use:
- A lyric from a song or poem
- A meaningful quote from a movie or speech
- A passage from a book
- A series of words that are meaningful to you
- An abbreviation: Make a password from the first letter of each word in a sentence
- A new password must contain a combination of lowercase and capital letters, a number, and any of these special characters: ~ ! * - = _ [ ] { } ?
- Examples:
#2 Keep Your Credentials Secret
Protect your passwords like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.
- Don’t write down credentials. Avoid the temptation to write down your passwords, even if you think your hiding spot is great – whether that’s at home or in the office. Let’s say you wrote your email password on a note and taped that note under your keyboard. Consider all of the people who could potentially find your password: coworkers, cleaning staff, delivery staff, and possibly even visitors like friends or family.
- Don’t share your login. If you share your password or PIN with anyone, you can’t control what that person does with your credentials.
  - What if your coworker writes down your password and tapes it to her monitor?
  - What if your coworker makes a mistake while logged in with your credentials?
  - What if your credentials are passed on to someone outside of your organization?
- Shield your credentials when you enter them. When you’re entering a password or a PIN, make sure you shield your keyboard or keypad so that no one else can see what you’ve entered.
#3 Store Your Credentials Safely
You might ask yourself, “If I need a unique password for each account, and if I can’t write those down, how will I remember all of them?” We’re glad you asked.
- Consider using a password manager. This tool lets you create strong, unique passwords for each account without having to remember all of them.
- Some password manager options include:
- Think of a password manager like a digital safe. It securely stores and manages usernames and passwords for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember. Everything is stored in encrypted form for added security.
Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely.
Thank you for your cooperation.
OIT InfoSec