The Do's and Don'ts for Building a Strong Password

Author: Bea Gillam

Cyber Security Awareness Series

October is Cyber Security Awareness Month.

Think of a strong password as your first line of defense against attackers. "ABC123" and "password" are classic illustrations of what a password can look like, but they certainly don't qualify as strong choices. In this article, we'll look at the significance of passwords in your daily life and provide a list of dos and don'ts.

When we say "password," we mean a sequence of characters that grants entry to a computer system or service. Passwords play a vital role in today's society, acting as the initial barrier safeguarding sensitive information from unauthorized access. They distinguish authorized users from potential threats. Strong password practices and strict enforcement of policies are essential components of a robust security strategy.

The responsibility for strong passwords falls on everyone, because a single breach can put an entire organization at risk. While it's crucial to protect administrative passwords, regular users are targets too. In fact, their accounts are often the entry point attackers use to pivot to higher-privileged accounts.

The Don’ts:

1. Don’t use personal information in your password.
Attackers can use personal information to guess your password: birth dates, ages, family and friends' names, anniversary dates, pop culture or sports references, and even pet names. Basically, anything that can be tied to you personally.

So ditch that password made of the name of your favorite pet followed by your birth year, or your kids' names and ages.

Bad Ex:

2. Don’t write down your password or store it in an unprotected app on any device.
Anyone who is able to steal or hack your device can easily open the notes app and find all your passwords. You should probably shred that sticky note in your top desk drawer with the Twitter login you always forget. Use a password manager like Bitwarden instead.

3. Don’t use the same password for all your accounts.
If an attacker figures out your password for one account, they have access to every other account that shares it. This is especially bad if you reuse a password with the organization you work for, because it makes you a liability. As with the previous point, a password manager can help by generating random passwords that are unique to each site.

Bad Ex: 
Twitter: Matthew 1993
Bank account: matthew 1993

4. Don’t use words that can be found in the dictionary.
An attacker can use a dictionary program to guess your password. A single-word password is easy for you to remember, but it is just as easy for an attacker to guess.

Bad Ex: 

5. Don’t use sequential numbers, the alphabet, or keyboard combinations.
Sequential numbers, the alphabet, and keyboard combinations are predictable. They are really easy to guess, and you aren’t being “clever” by sliding your finger across a row of keys to be “cool”.

Bad Ex: 
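To show how the Don'ts above translate into something a defender can actually enforce, here is a small checker in Python. It is an added example, not code from the original article or from any product the article mentions; the word list, the 14-character minimum, and the run length of 3 are constructed assumptions for illustration (a real checker would use a breach-derived list of millions of entries and a tuned policy). It flags personal information, dictionary words, alphabetical and digit runs, and keyboard-row patterns.

```python
"""Weak-pattern checks for a candidate password (added example, not the article's code)."""
import string

# Constructed toy word list standing in for a real cracking dictionary (assumption).
DICTIONARY = {"password", "matthew", "welcome", "dragon", "sunshine", "monkey"}

# Letter rows of a QWERTY keyboard, used to spot "finger-slide" passwords.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def _has_run(text, alphabet, length=3):
    """True if `text` contains `length` consecutive characters that appear
    in order (forward or reversed) in `alphabet`, e.g. 'abc', 'cba', '123'."""
    t = text.lower()
    sequences = (alphabet, alphabet[::-1])
    for i in range(len(t) - length + 1):
        chunk = t[i:i + length]
        if any(chunk in seq for seq in sequences):
            return True
    return False


def weak_password_reasons(password, personal_info=(), min_length=14):
    """Return a list of human-readable reasons the password is weak (empty if none found)."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")

    lowered = password.lower()
    # Don't 1: names, years, pet names and other facts tied to the user.
    for item in personal_info:
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:
            reasons.append(f"contains personal info: {item!r}")

    # Don't 4: strip digits/punctuation from the ends and check the core word.
    core = lowered.strip(string.digits + string.punctuation)
    if core in DICTIONARY:
        reasons.append(f"dictionary word: {core!r}")

    # Don't 5: alphabet runs, digit runs and keyboard rows.
    if _has_run(password, string.ascii_lowercase):
        reasons.append("contains an alphabetical run")
    if _has_run(password, string.digits):
        reasons.append("contains a sequential digit run")
    if any(_has_run(password, row) for row in KEYBOARD_ROWS):
        reasons.append("contains a keyboard row pattern")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the personal-info tuple plays the role of facts
    # an attacker could find on social media.
    for candidate in ("abc123", "qwerty123", "Matthew1993",
                      "Hello, my name is Inigo Montoya. You killed my father. Prepare to die."):
        print(candidate, "->", weak_password_reasons(candidate, personal_info=("Matthew", 1993)) or "no issues found")
```

Note that an empty result only means none of these particular patterns matched; it is a floor on quality, not proof of strength. A production checker would also look the candidate up in a breached-password list.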

The Do's:

1. Do use a longer passphrase.
A long password is harder for attackers to crack. Just because it’s long doesn’t mean it has to be boring. You can pick a quote from a book, movie, or video game, or create your own phrase.

Good Ex:

Hello, my name is Inigo Montoya. You killed my father. Prepare to die.
When I was your age, television was called books

2. Do use a random password.
You can use the password generator included with your password manager, such as Bitwarden. (Can you tell we like Bitwarden?) You can also come up with acronyms, abbreviations, code words, or even smiley faces if you are up to it :)

Good Ex: c3N^pUN%RB*GbrPXa^9dp5ZYxbKNLo
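The two Do's above (a long passphrase, a random password) both come down to how many equally likely choices went into the secret. The following Python is an added example, not code from the article or from Bitwarden, showing how a generator should draw its choices (from the `secrets` module, never from `random`) and how to put a number on the result in bits of entropy. The twelve-word list is a constructed stand-in; a real passphrase generator uses a list of thousands of words, and the 7776-word figure used for comparison is the size of the common diceware lists.

```python
"""Password and passphrase generation with an entropy estimate (added example)."""
import math
import secrets
import string

# Constructed toy word list (assumption). A real list has thousands of entries.
WORDLIST = ["correct", "horse", "battery", "staple", "inigo", "montoya",
            "television", "books", "prepare", "father", "glacier", "copper"]

# 94 printable ASCII characters: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size, length):
    """Entropy of `length` independent, uniform choices from a pool of `pool_size`.
    Each choice contributes log2(pool_size) bits."""
    return length * math.log2(pool_size)


def random_password(length=30, alphabet=ALPHABET):
    """Uniformly random characters drawn with the CSPRNG behind `secrets`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=5, wordlist=WORDLIST, sep="-"):
    """Uniformly random words; a passphrase is only as strong as the size of its list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    pw = random_password()
    print(pw, f"~{entropy_bits(len(ALPHABET), len(pw)):.1f} bits")
    phrase = random_passphrase()
    print(phrase, f"~{entropy_bits(len(WORDLIST), 5):.1f} bits with the toy list")
    # Same five words from a 7776-word diceware-style list:
    print(f"~{entropy_bits(7776, 5):.1f} bits with a 7776-word list")
```

The contrast between the two passphrase figures is the point: five words from a twelve-word list are trivial to enumerate, while five words from a 7776-word list are comparable to a ten-character random password. A passphrase chosen by a person, such as a famous quote, has far less entropy than the word count suggests because quotes are in the attacker's dictionary too.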

3. Do use a password manager.
A long, random password can be difficult to remember, especially if you are changing it every three months. Luckily, password managers help with that. Not only do they keep your passwords safe, they also support multi-factor authentication, include password generators to help you create secure passwords, and provide a secure vault to keep them in.

Some Recommendations:
Bitwarden (Our Favorite)

4. Do use MFA.
MFA stands for Multi-factor Authentication. MFA is a security method that requires users to provide at least two forms of verification to access a system or account, such as a password and biometrics, a password and an authenticator app, or a password and a cryptographic key. It enhances security by adding multiple layers of authentication to your account, making it quite difficult for an attacker to get in.

Authenticator App Recommendations:
Google Authenticator
Microsoft Authenticator

In conclusion, strong passwords are your first line of defense in the digital realm. They protect sensitive information and distinguish between authorized users and potential threats. Whether you're an admin or a regular user, everyone plays a role in ensuring strong security. So, choose your passwords wisely to safeguard yourself and your organization online.
