National Cybersecurity Awareness Month, by Laura Baker, Co-Founder of CyberWyoming
October 21 – The news just came out – Equifax was breached partly because the Administrator’s password was “admin”. https://www.theinquirer.net/inquirer/news/3082848/equifax-admin-password-hack-lawsuit
You always hear about passwords…always always always. But did you know that the recommendations for passwords have changed? NIST (National Institute of Standards and Technology) is now recommending a long passphrase, like 64 characters long, instead of a password with symbols, a combination of capital and lowercase letters, and numbers. In addition, they say that if you do use a 64-character passphrase and it is unique to only one account, then you only need to change your passphrase if there is a ‘cyber incident.’
How do you know if there has been a cyber incident? You will usually hear about it in the news or be notified by the company, but there is another way you can manage it. If you use your email address as your user id, you can check https://haveibeenpwned.com/ to see if your email address is on the dark web. If it is, then change your passwords to unique passphrases on those accounts.
So how do you know if your passphrase is ‘good enough’? Think about what is on your social media and make sure a savvy hacker couldn’t guess it. For instance, don’t use “I_live_in_Wyoming!” People can guess that.
A great place to check password complexity is https://howsecureismypassword.net/. HOWEVER, NEVER enter your real password into any of these online tools. Just play around with it to see what kinds of passphrases are best and then pick a different one.
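If you would rather not type anything into a website at all, the same "could someone guess this from my social media?" test can run on your own computer. The script below is an added example, not part of the original article; the function names, the 16-character minimum, and the sample terms are assumptions made for illustration.

```python
import getpass
import re

# Undo common character swaps so "Wy0m!ng" is compared as "wyoming".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text):
    """Lowercase, undo character swaps, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def review_passphrase(passphrase, public_terms, min_length=16):
    """Return a list of findings; an empty list means nothing was flagged.

    public_terms: words anyone could learn from your social media
    (home state, pet, employer, team). min_length is an assumed threshold.
    """
    findings = []
    if len(passphrase) < min_length:
        findings.append(f"too short: {len(passphrase)} < {min_length} characters")
    flat = normalise(passphrase)
    for term in public_terms:
        key = normalise(term)
        # Very short terms are skipped; they would match almost anything.
        if len(key) >= 3 and key in flat:
            findings.append(f"contains public detail: {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample terms; replace with details from your own profiles.
    terms = ["Wyoming", "Cowboys"]
    # getpass keeps the passphrase off the screen; nothing leaves this machine.
    candidate = getpass.getpass("Passphrase to review (stays local): ")
    for finding in review_passphrase(candidate, terms) or ["nothing flagged"]:
        print(finding)
```

An empty result only means the passphrase is long enough and avoids the terms you listed; it still needs to be unique to one account.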
Here’s what the National Cybersecurity Awareness Month has for tips for passphrases: #BeCyberSmart #CyberAware
- When it comes to passphrases, it’s best to mix it up and stay unique! Keep them fun, easy-to-remember and don’t reuse them.
- Passphrases should be just like you – fun and unique! Here’s an example: “I love chocolate ice cream with sprinkles!”
- P@s$w0rds_d0n’t_hav3_2_b_th!s_Complic@teD! Seriously, who can remember that? Make your password a passphrase. Keep it fun and friendly, just like this!
- Sometimes even long and strong passphrases aren’t enough. Step up your game with multi-factor authentication and keep all your private bits…private.
- No matter how long and strong your passphrase is, a breach is always possible. Make it harder for cybercriminals to access your account by enabling multi-factor authentication.
- Enable multi-factor authentication to ensure that the only person who has access to your account is you.
- WATCH: “Passwords Matter!” Learn what makes a strong password at https://habitu8.wistia.com/medias/r3b9dqonba