October 27, 2020 | Cyber Security, Industry Insights, Insights | Jason Palumbo
How to Create a CyberSmart Password
CREATING A PASSWORD
This is the final blog post in our series highlighting the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency efforts on the “Do Your Part – #BeCyberSmart” campaign for October, the National Cybersecurity Awareness Month. The cyber awareness topic for today is How to Create a CyberSmart Password.
Today’s 8 tips on creating a password come courtesy of the National Cybersecurity Alliance and The Cybersecurity & Infrastructure Security Agency. We are sharing this valuable information to the trade community in order to help raise industry awareness and hopefully prevent cyber incidents.
Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No citizen is immune to cyber risk, but #BeCyberSmart and you can minimize your chances of an incident.
Creating a strong password is easier than you think. Follow these simple tips to shake up your password protocol:
- Use a long passphrase. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to ﬁnd on social media, making it easier for cybercriminals to hack your accounts.
- Avoid using common words in your passwords. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
- Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
- Keep your passwords on the down-low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
- Unique account, unique password. Having diﬀerent passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up—ﬁnd easy-to remember ways to customize your standard password for diﬀerent sites.
- Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more
- Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Veriﬁcation Value (CVV) codes, answers to security questions, and
For more information about how you can Do Your Part. #BeCyberSmart, visit www.cisa.gov/ncsam
Download your own copy of these 8 Tips to Create a Password.