May 2, 2024, is World Password Day! Keeping your accounts secure is important every day of the year. But this day provides an opportunity to audit your passwords and then take a few moments to change or increase the complexity of any that might make your account an easy target for hackers. In just the time it takes to read this exact sentence, a simple password can be cracked.
Recent breaches of popular services like 23andMe and Roku highlight the prevalence of weak passwords opening the door to malicious actors. These leveraged attacks, known as password spray attacks and credential stuffing, allow hackers to access accounts using common passwords or by reusing the same password associated with a username that has been exposed through a phishing attack or breach of a different online service.
While this might sound scary, simply using unique passwords for all your accounts, and adding complexity to your passwords, can give you peace of mind.
The University of Colorado has some great best practices to help you create a strong password and keep your passwords safer.
- Go beyond the minimum requirements set by your campus if you can. The US Department of Defense requires a minimum of 15 characters in a password, which is a good rule to follow.
- You can make a password that appears random by making up a passphrase that means something to you, and only using the first letter of each word. For example, the phrase “My first job in 94 was delivering pizzas!” could become the secure password “M1stji94wdP!”. Or choose some numbers, letters, and symbols and invent a mnemonic based on what you chose.
- Use two-factor or multifactor authentication whenever it’s available to help prevent unauthorized access to your devices and accounts (e.g., a unique one-time code sent to your phone or mobile device).
- Keep your password to yourself and don’t create opportunities for someone else to steal your information:
- Don’t tell other people your password.
- Don’t write your password down.
- Don’t allow your browser to save your credentials or automatically fill your credentials for you. If you can log in automatically, so can anyone else with physical or remote access to your device.
- Use a password manager to help create and store all your strong passwords!
If you want to test your password to see if it would withstand an attempted compromise, check out this article by the CU System Office of Information Security featuring a password strength checker.
For More Information
