Cybersecurity Awareness Month: Time to Improve Password Security

The theme of October 2022 Cybersecurity Awareness Month is “See Yourself in Cyber”, which focuses on people. As the Cybersecurity and Infrastructure Security Agency (CISA) explained, cybersecurity may seem like a complex subject, but it is really all about people. Everyone has a role to play in cybersecurity and should take steps to stay safe online and protect their privacy, and every employee shares responsibility for helping to keep their employer protected.

CISA and the National Cybersecurity Alliance (NCA) lead Cybersecurity Awareness Month and have suggested four things that everyone needs to do to improve cybersecurity this October:

  • Think before clicking and learn how to recognize phishing
  • Update software
  • Use strong passwords
  • Enable multifactor authentication

This week, we will focus on password security: what a strong password is, why strong passwords are necessary, and how you can make life easier and improve security with a password manager.

Improve Password Security and Use a Password Manager

The term strong password simply means a password that is difficult to guess. You may have created passwords that you feel are difficult to guess, but they also need to be difficult for hackers to guess. Hackers know the tricks that people use when creating passwords to make them more complex, so simply replacing the letter S with a 5 or an I or L with a 1 doesn’t make a password any stronger. Passwords are guessed in automated attacks that try many different passwords until the correct one is found. These automated attacks can allow accounts with weak passwords to be accessed in a fraction of a second.

A strong password is a password that is long, unique, randomly generated, and includes upper- and lower-case letters, numbers, and special characters. Strong passwords do not include dates of birth, memorable dates, names, or dictionary words.

It is difficult for humans to think of truly random strings of characters for passwords, so a secure password generator should be used. These password generators are provided with major browsers and password managers. Since it is not possible to remember dozens of random passwords of 12+ characters, they should be stored in a password manager. The password manager will store the passwords securely in a password vault that only you can access. The passwords will be encrypted, so if there is a data breach, the passwords cannot be obtained. The password manager will also autofill the passwords when they are needed, so you do not need to remember them or even type them.
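To make the points above about random generation and character swaps concrete, here is an added example (not part of the original article) in Python. It generates a password from the operating system's secure random source and checks whether a password is only a dictionary word with substitutions; the function names, the four-word sample list, and the substitution table are constructed for illustration.

```python
import math
import secrets
import string

# Character classes the article lists: lower case, upper case, numbers, special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# Constructed sample standing in for the wordlists used in automated guessing.
SAMPLE_WORDLIST = {"password", "sunshine", "liverpool", "welcome"}

# Constructed table of common swaps; "1" is handled separately because it
# stands in for either I or L.
LEET = {"5": "s", "$": "s", "0": "o", "3": "e", "4": "a", "@": "a", "7": "t", "!": "i"}


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retrying (rather than patching characters in) keeps the result
        # uniformly distributed over all passwords that meet the rule.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Approximate bits of entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def is_disguised_dictionary_word(password, wordlist=SAMPLE_WORDLIST):
    """True if undoing common swaps (and trailing digits/symbols) yields a listed word."""
    lowered = password.lower()
    variants = {lowered, lowered.rstrip(string.digits + string.punctuation)}
    for one_as in "il":
        table = str.maketrans({**LEET, "1": one_as})
        if any(v.translate(table) in wordlist for v in variants):
            return True
    return False
```

A 16-character password from this generator carries roughly 105 bits of entropy, while "Pa$$w0rd1" reduces to a single entry in the wordlist.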

You should avoid storing passwords in your browser, as the security provided is nowhere near as good as that of a dedicated password manager. Even passwords that are encrypted when they are stored by browsers can be obtained by unauthorized individuals if they have physical access to your device, or remote access through hacking, phishing, or malware infections.

Password managers are low-cost solutions that can greatly improve password security. Further, some password managers are available for free. Bitwarden, one of the leading password managers, is free to use forever, and the free tier includes all the core features of the product. For even better security and many extra features, the premium tier is less than $1 per month.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news