Attackers use modern hacking technology to guess passwords. In this video, learn how to identify the key components of a strong password and describe good password practices.
- The most important thing to understand when it comes to password security is that the vast majority of passwords are fairly easy for a hacker to compromise. Using unique, strong passwords for each of your critical accounts is the best course of action. Security expert Troy Hunt says the only secure password is the one you can't remember.

The formula for a strong password is straightforward. It must be at least 12 characters. Ideally, it's 16 or more. It must include a mix of upper and lowercase letters, numbers, and special characters. Avoid words found in the dictionary. Do not use obvious letter replacements like dollar sign for S, or at sign for A. It should be unique, meaning that you don't want to use the same password for multiple accounts. Avoid using family members' names, pets' names, birthdays, anniversary dates, or your mother's maiden name. Make sure it's not a password that has already been compromised. See Troy Hunt's Pwned Passwords list.

How do you keep track of all these passwords? Use a password manager, a secure digital notebook, to store all your passwords. This will allow you to use unique and strong passwords for all of your accounts. If one of your accounts is compromised, it will help to limit the impact to that single service. Personally, I use LastPass. 1Password is another good option to consider.

To understand why strong passwords are necessary, let's look at the most prevalent hacker techniques to crack passwords. The first technique uses tools that can crack a 10-character password in as little as two hours. The InfoSec Institute publishes a list of software tools that can help a hacker to easily crack a password, many of which are completely free. These tools compare your password to immense lists of words from the dictionary, common passwords, and real-world passwords that have been stolen from data breaches. These databases often hold more than 500 million real passwords.

Hackers will also use social media posts to create educated guesses for cracking passwords. If you're the type of person who uses the name of your partner, one of your kids, or your pet cat as your password for everything, and you post this type of information on social media, then it's relatively easy for a hacker to guess your password and get it right.

If you use the same passwords for different accounts, a data breach on one website can compromise all your accounts. In an attack called Credential Stuffing, hackers use your stolen credentials from a compromised site to try and log into your other accounts. If your social media password is stolen in a data breach, and it's the same password you use for email, you can pretty much consider your email to be owned.

Passwords are easy to steal. Don't use personal information that you post on social media as your password. If it's very easy to remember, it may also be easy to guess. Use strong unique passwords, and consider using a password manager.
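
The strong-password formula from the transcript, written as a checker; this is an added example and not part of the video. It assumes the prefix-range lookup used by the public Pwned Passwords service (the client sends only the first five characters of the SHA-1 hash and compares the returned `SUFFIX:COUNT` lines locally); the breached list, the word list and the function names are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins for a breach corpus and a dictionary (not real data).
BREACHED = {"password1": 2400000, "Summer2023!": 5100, "P@$$w0rd12345": 870}
WORDS = {"password", "summer", "dragon", "welcome", "monkey"}
# The obvious replacements the transcript warns about ($ for S, @ for A), plus common ones.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e"})

def sha1_hex(pw):
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

def range_response(prefix):
    """Simulated server: 'SUFFIX:COUNT' lines for every hash sharing the prefix."""
    hashes = ((sha1_hex(p), n) for p, n in BREACHED.items())
    return "\n".join(f"{h[5:]}:{n}" for h, n in hashes if h.startswith(prefix))

def breach_count(pw, fetch=range_response):
    """Client: only the 5-character hash prefix is ever passed to fetch()."""
    h = sha1_hex(pw)
    for line in fetch(h[:5]).splitlines():
        suffix, _, count = line.partition(":")
        if suffix == h[5:]:
            return int(count)
    return 0

def check_password(pw, personal_terms=()):
    """Return the list of rules from the transcript that the password breaks."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not all(re.search(c, pw) for c in ("[a-z]", "[A-Z]", "[0-9]", "[^A-Za-z0-9]")):
        problems.append("missing a character class")
    lowered = pw.lower()
    if any(w in lowered.translate(LEET) for w in WORDS):
        problems.append("dictionary word, even after letter replacements")
    if any(t.lower() in lowered for t in personal_terms if t):
        problems.append("contains personal information")
    if breach_count(pw):
        problems.append("already seen in a data breach")
    return problems
```

Uniqueness across accounts cannot be judged from a single password, which is the part a password manager covers.
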
- Protecting sensitive information in your physical office
- Avoiding malware attacks
- Social engineering attacks, such as voice phishing
- Avoiding security attacks on smartphones
- Identifying different types of email scams
- Best practices for working with both public and home Wi-Fi
- The benefits of using VPN
- Creating strong passwords
- Protecting company and employee information