(CC BY-NC 2.0 photo/Flickr user Jeso Carneiro)
October is National Cybersecurity Awareness Month. This is the first article in a four-part series on security brought to you by the College’s Information Security Team.
Why are passwords important? Passwords are the first line of defense to protect yourself from unauthorized access to your accounts and devices. When selecting passwords, consider the following easy steps to securing your digital life: create strong passwords, use a different password for each online account, use a password manager, and use two-factor authentication when possible.
Create Strong Passwords
Using a unique, strong password for each of your accounts is the best way to keep your accounts secure. The key to a strong password is length and complexity. Your passwords should be at least eight characters long and difficult for someone to guess.
Avoid using personal information, especially if someone can find the answer on social media or by searching your name online. Also, use a mix of uppercase and lowercase letters, numbers and symbols. Passphrases are also a great option for a password. While passphrases must be much longer than a “normal” password to be secure, they are far more secure and far easier to remember than random strings of characters. Most effective passphrases will capitalize a word and add a number or special character to the phrase.
Use a Different Password for Each Online Account
Using different passwords prevents having all your accounts compromised if a data breach occurs. Imagine if one key opened your front door, your car, your bank, and your safe. If someone got hold of your one key — poof — they’d have access to everything. Cybercriminals know people reuse passwords, and after a major password leak, they will try using those passwords and email addresses to get into all kinds of sites.
Never use the same password for a Geneseo account and a non-Geneseo account (such as Facebook, Amazon, or Netflix).
Use a Password Manager
If you are having a hard time keeping all of your passwords straight or if you are using just one password for everything, consider using a password manager. Password management applications provide one consistent interface for generating, saving, and accessing all your passwords. This makes it easy to use different, hard-to-remember passwords for every account, because you only have to remember a single master password to get in. They can also sync across all your devices.
Although the majority of your passwords should remain secret, there are times when sharing a password with your coworkers is a business necessity. To securely share passwords with your coworkers, you need to use a good password manager that supports sharing. CIT has licensed 1Password for Teams for password sharing. Visit CIT’s self-help document on Password Managers for more information.
How not to share a password is also important!
- Do not send a password in clear text using text messaging, email, Facebook Messenger, etc.
- Do not share a list of passwords stored in a Google Doc or Sheet. Creating a shareable link for a Google Doc makes it open to the public and accessible to anyone with the link.
- Do not store passwords on the \\Files server.
Use Two-Factor Authentication
Enable two-factor authentication for the accounts you want to protect the most. In addition to having a strong password, two-factor authentication will help ensure your accounts don't get hacked. It requires both "something you know" (a password) and "something you have" (your phone). After you enter your password, you'll get a code sent to your phone, and after you enter that code you will get into your account. Two-factor authentication makes you immune to most internet-based attacks if someone gets your password from phishing or a data breach, as the password is mostly useless to them without also being able to receive the code.