Get Creative with Passwords to Keep Accounts Secure
October 16, 2020
In honor of Cybersecurity Awareness Month (something we take very seriously all year long), we wanted to talk about an important topic that is the first line of defense in securing your online information … strong passwords! Most of us dread having to create new passwords, especially once you’ve used every hobby and school mascot you can imagine. So here are a few simple tips that we learned from the Cybersecurity & Infrastructure Security Agency to shake up your password creativity:
Use Long Phrases
According to guidance from the National Institute of Standards & Technology (NIST), always consider using the longest password or passphrase permissible on each site. For example, you can use a passphrase such as a news headline or even the last book title you read. Then add in some punctuation and capitalization.
Passwords Should Not be Easy to Guess
Never include personal information in your passwords, such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
Avoid Common Words
Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.” Also, use phonetic replacements, such as “PH” for “F.” Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
Keep Your Passwords Secret
Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through emails or calls. Every time you share or reuse a password, it chips away at your security by opening avenues in which it could be misused or stolen.
Every New Account Gets a New Password
Having different passwords for various accounts helps prevent cybercriminals from gaining access and protects you in a data breach. It’s important to mix things up— find easy-to-remember ways to customize your standard password for different sites.
Double Your Login Protection
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it using a trusted mobile device, such as your smartphone, an authenticator app, or a security token—a small physical device that can hook onto your key ring.
Stay Organized with a Password Manager
The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account—protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.
For more information on how to #BeCyberSmart, visit www.cisa.gov/ncsam