Passwords

Disclaimer

These are habitual routines that you need to maintain to be effective.

What makes a password secure?

With passwords, it is generally the case that more “random” passwords are harder to guess. This means that as a baseline, you should not use common or easily guessable passwords such as “password”, “12345”, or “qwerty”. To create a secure password, at least 16 characters is recommended, and increasing the “randomness” of your password can also make it harder to guess. This can be done by using uppercase and lowercase letters, numbers, and special characters, such as !, @, ?, ~, }, and more.
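The rules above can be expressed as a short program. This is an added example, not part of the original guide: it generates a password that meets them using Python's `secrets` module and checks an existing password against the same rules. The set of special characters and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed symbol set: the specials named in the text plus a few common ones.
SPECIALS = "!@?~}#$%^&*-_+="
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": SPECIALS,
}
ALPHABET = "".join(CLASSES.values())
COMMON = {"password", "12345", "qwerty"}  # the examples named in the text
MIN_LENGTH = 16                           # the recommended minimum length


def generate_password(length=MIN_LENGTH):
    """Return a random password containing every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets draws from the operating system's secure random source;
        # the ordinary random module is predictable and must not be used here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password if a class is missing, so no position
        # is forced to hold a particular kind of character.
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def entropy_bits(length):
    """Approximate guessing difficulty in bits (slight overestimate)."""
    return length * math.log2(len(ALPHABET))


def check_password(password):
    """Return a list of the rules a password breaks (empty means none)."""
    problems = []
    if password.lower() in COMMON:
        problems.append("commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems


if __name__ == "__main__":
    print(generate_password(), f"(about {entropy_bits(MIN_LENGTH):.0f} bits)")
    print(check_password("qwerty"))
```

Call `generate_password()` once per account so that every account gets its own password.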

Each website or account should have a unique password. This eliminates the potential for an attacker to sign into all of your accounts using a password cracked from one of your accounts. If it becomes too hard to remember all your passwords, a password manager is a good way to keep track of them. You can find more on password managers below.

What is MFA?

MFA (multifactor authentication) is a feature that provides an extra layer of security on top of a password to protect a user’s account. An email address or phone number is commonly used for MFA. For example, once a user correctly enters their password, they are prompted to enter a 6-digit code that was emailed to them. There are various types of MFA, including biometric, hardware authentication and passkeys.

Why are these important?

Passwords and MFA are the first and often only lines of defence between anybody in the world and your accounts. This includes your bank account, Google account, and even your computer, meaning that if you do not make these strong enough, anybody can guess your passwords and have control over your finances, email, information, and more.

What is a password manager, and why is this important?

A password manager is an application that can generate strong passwords for you (even stronger than you can make on your own!) and store them securely. This means that you don’t have to write down or remember all your passwords. Most vaults will require a master password or MFA, and from there, you can access all of your other passwords. It is important to choose a widely trusted and reliable password manager, as it becomes the line of defense for all your accounts.

Password managers also allow you to keep track of how long you’ve used a password for, enabling you to change passwords periodically. Doing so can help prevent people with old versions of your password from signing in.

See section 4.4 (Technical Solutions) for more details.

What are passkeys?

Passkeys are an additional way to sign in to some services instead of using a password. They are stored on your device securely, meaning that there is no “password” for somebody else to memorize, steal, or crack. However, they come with the issue that if somebody has access to sign into your device, then they also have access to your passkeys.

Sources:

Create and Use Strong Passwords - National Cybersecurity Alliance

How Do I Create a Good Password? | NIST

https://www.techsafety.org/passwordincreasesecurity

If you are in immediate physical danger, call 911!