It’s October, so that means it is National Cybersecurity Awareness Month. The Department of Homeland Security uses this month to remind everyone of the importance of cybersecurity. This year’s campaign — "Own IT. Secure IT. Protect IT." — is designed to encourage everyone to be proactive about their cybersecurity and to take responsibility for their online behavior. As part of that effort, there are several methods that can be used to create strong passwords to protect accounts.
Creating an online account starts with a username and a password. Most websites require users to use email addresses as usernames, and email addresses are easier to find online than most of us would like. All that is left for a hacker to figure out is your password — the same one many people use on many websites. In one survey, 83% of respondents used the same password for multiple sites. If you use your one good password on a website that gets hacked, you are at risk of losing something valuable from an account with that same password, such as your bank account information.
Below are some steps to consider taking regarding passwords.
1. Use a password manager. With so many accounts requiring a unique password, it is hard to remember them all. Password managers can be used on a desktop and/or a mobile phone via an app.
2. Create unique, hard-to-guess passwords for every account.
a. Shorter passwords, no matter how complex, are easier to crack. Allow the password manager to create 20-character or longer passwords or use passphrases (e.g., Joe=Rides=2Yam$=Back2Back).
b. Do not use common words or easily determined passwords. Is your password one that many use, such as P@$$word1? Can a hacker guess your password from your online information, such as your child’s name, birthdays or hobbies? Many password-cracking tools can quickly crack passwords from a dictionary, a famous quote, or a line in a book.
c. Do not use patterns. When you create or change your passwords, do not use a pattern that makes it easy to guess other or future passwords. For example, many users change the end of their passwords to the current year, go from a single "!" to two "!!", or add a "1," "2" or "3" to make three passwords for three different sites. With the many breaches that have occurred, there is a good chance an old password or two of yours is online.
3. Add login protection to your accounts. Enable multifactor or two-factor authentication, also called MFA or 2FA, if available. When logging in to an MFA-enabled account, you enter a username, password, and something that you can only get from your MFA device or that you can provide because it is unique to you, like a fingerprint. If you use your mobile phone as an MFA device, then you might have an app to open and get your code or receive a text message with a code you must also enter. If given a choice, the app is more secure than text.
4. Do not enter login credentials via an unsolicited email or website. No legitimate organization will send you an email that asks you to click on a link and enter your username and password, unless you just requested a password reset or just created an account and this is the account verification email.
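For readers who administer accounts, the checks in step 2 can be enforced when a password is changed. The following is an added example, not part of the original article: the function names, the small word list and the sample passwords are constructed for illustration, and it assumes the old password is supplied by the user at change time.

```python
import re

# Constructed sample list; a real check would load a list of breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty"}

# Undo the usual character swaps so "P@$$word" is compared as "password".
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"})

MIN_LENGTH = 20  # length suggested in step 2a


def base_form(password):
    """Reduce a password to the part a user tends to keep between changes.

    The trailing run of digits and punctuation (a year, "!", "!!", "1", "2")
    is dropped, then the rest is lowercased and character swaps are undone.
    """
    stem = re.sub(r"[\d\W_]+$", "", password) or password
    return stem.lower().translate(SUBSTITUTIONS)


def check_password(candidate, previous=()):
    """Return the list of findings for a candidate; an empty list means none."""
    findings = []
    base = base_form(candidate)
    if len(candidate) < MIN_LENGTH:
        findings.append("short")      # step 2a
    if base in COMMON_WORDS:
        findings.append("common")     # step 2b
    if any(base == base_form(old) for old in previous):
        findings.append("pattern")    # step 2c: only the ending changed
    return findings


if __name__ == "__main__":
    samples = [
        ("P@$$word1", []),
        ("Summer2019!", ["Summer2018"]),
        ("BlueHeronCanyonTrail!!", ["BlueHeronCanyonTrail!"]),
        ("Joe=Rides=2Yam$=Back2Back", ["Summer2018"]),
    ]
    for candidate, old in samples:
        print(candidate, check_password(candidate, old) or "no findings")
```
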
Visit the National Cybersecurity Awareness Month website at https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019 for more information. To learn about FTCC’s Systems Security Analysis program of study, visit www.faytechcc.edu or call 910-678-8400.