Don't pass on password protection
Email. Social media. Streaming services. E-commerce. My ASU.
These are just a few of the online interactions many of us use every day. And while they serve a variety of purposes, each of these platforms is protected by passwords.
Password credentials are critical to safeguarding our online identities. According to the 2023 Verizon Data Breach Investigation Report, the use of stolen credentials remains the top exploit in security breaches for companies and organizations.
“Strong passphrases are an excellent frontline defense against cyber threats and unauthorized access,” shares Philip Kobezak, deputy chief information security officer. “In a time when data breaches are becoming increasingly common, it's more critical than ever that everyone does their part to help protect data.”
The good news is that there are proven effective methods for dissuading hackers, ultimately keeping your accounts and information protected. We sat down with the cybersecurity team at ASU’s Enterprise Technology to better understand how we can design ironclad passwords that bolster online security.
Tip 1: Length is the number one determinant for a secure password.
Passwords are at their strongest when they are over 14 characters long. A good strategy to create a password is to select four or five unrelated words that are strung together by a special character; think along the lines of green-balloon-rice-style. Using words that are unrelated increases the complexity of the password.
Sometimes, there can be a password character limit that prevents the use of this strategy. In that case, another method is to think of a sentence — like “But you keep my old scarf” — and use every letter to create the base of the password. You can add further complexity with characters and numbers; for example, add a semicolon and a date to make it bykmos;1995.
Tip 2: Vary your passwords.
While it may seem easier to use the same password for multiple services and logins, it can quickly become a threat to all of your accounts. That’s because if your password gets stolen in one instance it can be used to access multiple sites and organizations you belong to.
Databases of stolen usernames and passwords are used in attacks called credential stuffing and password spraying. When third-party services are compromised and improperly encrypted, user credentials can be leaked. Hackers then use these credentials in bulk to attempt login, with commonly observed passwords, significantly reducing the number of attempts. This makes using different passwords across services critical.
Password management tools can help keep track of all your passwords, compiling them in a single account. Many password managers will also generate long, convoluted and difficult-to-crack passwords for your accounts. With these two features combined, you effectively bypass the need to remember all of your passwords.
Tip 3: Utilize multi-factor authentication.
While we strongly urge everyone to use different passwords across services, multi-factor authentication can be used as an additional security measure against hacks that stem from a multitude of attacks against passwords.
Multi-factor authentication requires something you know (a password) and something you have (a mobile device, YubiKey, or hardware token) to log into an account. The additional layer of security uses two-step authorization through a verification code via text, call or push notification to a dedicated mobile app. This prevents hackers, who may obtain your password, from accessing your information without your knowledge.
For Sun Devils, Duo’s two-factor authentication to access ASU email accounts and associated services helps to protect against online hackers.
Tip 4: Act quickly when a hack occurs.
Finally, even with the strongest measures, sometimes your passwords can be compromised. In that event, change your password immediately to mitigate illegitimate access to your information.
In today's increasingly digital world, it's important that we all stay informed of the latest online safety practices and remain vigilant defenders against threats.
Celebrate Cybersecurity Awareness Month
In today's increasingly digital world, it's important that we all stay informed of the latest online safety practices and remain vigilant defenders against threats.
“Ironclad passwords are one of the best ways to protect your information, and others in your organization, against bad actors online,” Kobezak continues. ”By following these tips to create a strong passphrase, Sun Devils are not only protecting their own personal data but also contributing to the collective privacy and security of everyone at ASU.”
For October’s Cybersecurity Awareness Month, ASU’s Enterprise Technology hosts a series of activities and campaigns to remain cyber-safe this month, and all year long. Learn more about the ASU Think! campaign here.