Passwords and security questions (Dos and Don’ts):
Passwords and security questions are one way of authentication (What you know). Authentication methods (What you know/ what you have/ What you are) are often used to access systems or devices, websites and services. Multi factorial authentication is a combination of two or more methods like a password (what you know) with a fob (what you have) or even your fingerprint (what you are) making the account more secure.
As in most cases passwords are used as an authentication method, it is crucial to have a strong password (passphrase or complex password) and storing it in the secure way, making sure others could not access systems or devices using your identity.
What to do and not to do regarding passwords
Protecting your Accounts:
- Passwords are like keys; you don’t want one key to open every lock. Have a unique password for each account, website or service that you use.
- Choose a long password. The longer the password the less likely it could be guessed or found (by trial and error).
- Include a variety of uppercase and lowercase letters, numbers, and/or special characters (@!#$%^&*,…)
- Do not use sequential numbers, important dates, or information other people might know or be able to guess about you.
- Do not share your password with anyone.
- Change your password if you ever suspect it might be compromised.
- Use Multifactor-Authentication whenever possible.
- Store passwords securely. Consider using a password manager.
- Be careful when using your passwords or other ways of authentication methods, specially in public places.
- log off or sign out from devices or account when you are no longer using them.
Password examples (strong versus weak)
Create a secure password:
There are two key factors making a strong password, complexity and length. While a complex password might seem harder to guess they tend to be shorter so that the user could memorize, hence easier to crack when there is a brute-force attack as it is quicker to try all possible combinations of keys. On the other hand passphrases could be long in length and that has proven to be more effective compared to the complex ones not to mention that they are easy to remember as well.
Password Crack Time showing the importance of length and complexity.
Now that we know that passphrases are better ways lets see how to make one. Simply put words of a phrase together forming a pass which is easy to remember while being hard to guess. A step further is to add complexity to the mix by putting the first letters of words in that phrase (sentence, poem or a statement that you know by heart) together, using numbers and characters to make it even stronger.
Example of passphrase: “My password is like a key and I will not share it with anyone till the 15/December/2070”
A stronger version of the passphrase could be: mPil@K&iwns!wa-t15D2070
How to make a strong pass (Password’s length versus complexity)
Want to learn more about passwords and how to be more cyber secure, we have interactive courses for cyber security awareness one is around password. Password: General course
Security Questions:
Security questions are another way of authorization and there are some factors to consider while choosing both the questions and the answers. First of all choose the question that its answer is not shared in the social media. Secondly you have the option to choose not to answer trustfully so that in cases of an attack your personal information is not leaked. Best practice is to select the questions that only you know the answers to or replace the true answer with a carefully selected and easy to remember answer or store them somewhere secure (such as a password manager) just to be sure.
If you forget your password or if you think your account is hacked (someone else is using your account or someone else has your pass) please contact the ITS Service Desk for assistance. ITS