Cyber Tips: Passwords and passphrases

Choosing strong passwords and passphrases is a key tenet of good cybersecurity. In our latest Cyber Tips post, learn about what tweaks you can make to increase your password strength.

Cyber Advisory 4 min 01 Nov, 2021

Having good password hygiene is vital to help prevent criminals from gaining access to user accounts. The tips below explain why good password hygiene is important and how you can improve yours.

Why the need for good passwords or passphrases?

Passwords and passphrases are the most common way of proving your identity to a computer system. Choosing a strong secret that is unique to each account and not easily guessed matters because anyone who obtains it gets everything that account can reach. Uniqueness matters more than frequent changes: a password reused across sites is only as safe as the weakest site holding it, whereas a strong, unique password does not need to be rotated on a schedule, only when you suspect it has been exposed.

How are passwords exploited?

Weak passwords or reusing the same passwords on multiple user accounts are commonly exploited by cybercriminals to obtain unauthorised access to systems and data.

Cybercriminals obtain passwords in several ways. Social engineering, typically phishing, tricks the user into handing the password over. Brute-force attacks try millions of letter, number and symbol combinations against an account (or, far faster, against a stolen database of password hashes) until one authenticates. Dictionary attacks narrow the search to known words and common word-and-number combinations, which is why a password built from a dictionary word and a year falls quickly. Credential stuffing replays username and password pairs leaked from one breached site against other sites, which is how a single reused password compromises several accounts.

Should I choose a password or passphrase?

We suggest unique passphrases rather than single words. A passphrase of several random words is easier to remember than a comparable string of random characters, and because it is much longer, the number of guesses an attacker must try to exhaust it is far larger, so cracking it takes far more computing time.
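As an added illustration (not code from the original post), the following Python puts numbers on that claim. It estimates the entropy of a few password and passphrase schemes and the worst-case time an offline attacker would need to exhaust each one. The figures it assumes, which are not from the page, are a 7776-word diceware-style wordlist (the size of the EFF long list), a 95-symbol printable ASCII alphabet, 33 punctuation symbols, and an attacker rate of 1e10 guesses per second against a fast unsalted hash. The "structured" model scores a passphrase laid out like the page's example (words, then digits, then symbols) the way a cracking tool would attack it, as words times digits times symbols, rather than as a string of random characters.

```python
import math

# Assumption (not from the page): an attacker guessing offline against a fast,
# unsalted hash on a GPU rig. 1e10 guesses/s is an illustrative order of magnitude.
GUESSES_PER_SECOND = 1e10

DICEWARE_WORDS = 7776   # size of the EFF long diceware list (assumed wordlist)
FULL_ASCII = 95         # printable ASCII excluding space: 26 + 26 + 10 + 33
PUNCTUATION_SYMBOLS = 33


def random_chars_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def random_words_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy in bits of `n_words` drawn uniformly (with replacement) from a wordlist."""
    return n_words * math.log2(wordlist_size)


def structured_passphrase_bits(n_words: int, n_digits: int, n_symbols: int) -> float:
    """Entropy of a 'Words + digits + symbols' passphrase such as HeatplaneFoul20!!,
    assuming the attacker knows the layout and runs a combinator/mask attack
    (words x digits x symbols) instead of brute-forcing every character."""
    return (random_words_bits(DICEWARE_WORDS, n_words)
            + n_digits * math.log2(10)
            + n_symbols * math.log2(PUNCTUATION_SYMBOLS))


def worst_case_crack_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the whole space at `rate` guesses/s; on average half of this."""
    return 2.0 ** bits / rate


def human_time(seconds: float) -> str:
    """Round a duration to the largest convenient unit for display."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare() -> dict:
    """Bits of entropy and worst-case offline crack time for several schemes."""
    schemes = {
        "8 random chars, 95-symbol alphabet": random_chars_bits(FULL_ASCII, 8),
        "12 random chars, 95-symbol alphabet": random_chars_bits(FULL_ASCII, 12),
        "3 random diceware words": random_words_bits(DICEWARE_WORDS, 3),
        "4 random diceware words": random_words_bits(DICEWARE_WORDS, 4),
        "6 random diceware words": random_words_bits(DICEWARE_WORDS, 6),
        "3 words + 2 digits + 2 symbols (page example layout)":
            structured_passphrase_bits(3, 2, 2),
    }
    return {name: (round(bits, 1), human_time(worst_case_crack_seconds(bits)))
            for name, bits in schemes.items()}


if __name__ == "__main__":
    for name, (bits, when) in compare().items():
        print(f"{name:55s} {bits:6.1f} bits  {when}")
```

Two things stand out from the output. Each random word from a 7776-word list is worth about 13 bits, so three words alone (about 39 bits) are weaker than eight truly random characters (about 53 bits), four words are roughly equal to them, and every extra word buys more than the two digits and two symbols tacked onto the page's example. The passphrase advantage is real, but it comes from using enough genuinely random words, not from the words being decorated.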

How do I select a strong password or passphrase?

Passwords

  • Use a mixture of uppercase and lowercase letters, numbers and special characters to form a unique password that is hard to guess; length does more for you than any single character class.
  • Use at least 8 characters (the NIST minimum). Longer is stronger, and a well-built site will accept passwords of at least 64 characters, so do not be afraid to use them.
  • Avoid sequential and repeated characters (e.g. 123456 or zzzzzz); they are among the first patterns a cracking tool tries.
  • Consider using a password manager to generate and store your passwords; a generated password is truly random, which no human-chosen one is.
  • Use a different password for every site, so that a breach of one site does not expose your other accounts (the password manager will remember them for you).
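As an added example of how a site would enforce the rules in this list (this is illustrative code, not from the original post or any particular product), the following Python checks a candidate password for length, repeated and sequential runs, a blocklist of common or breached passwords, and the presence of the username. The blocklist here is a constructed five-entry sample; a real deployment would check against a large breached-password corpus, as NIST SP 800-63B recommends. The run length of 4 and the username check are design choices of this example.

```python
import re

# Constructed sample of a common/breached password blocklist. A real check uses a
# large corpus (e.g. a breached-password list), not these five entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}

MIN_LENGTH = 8   # NIST SP 800-63B minimum for user-chosen passwords
MAX_LENGTH = 64  # NIST: a verifier should accept at least this many characters


def has_repeated_run(pw: str, min_run: int = 4) -> bool:
    """True if any character is repeated min_run or more times in a row (e.g. 'zzzz')."""
    pattern = r"(.)\1{" + str(min_run - 1) + ",}"
    return re.search(pattern, pw) is not None


def has_sequential_run(pw: str, min_run: int = 4) -> bool:
    """True if min_run consecutive characters step by +1 or -1 in code point
    (e.g. '1234', 'abcd', 'dcba'); catches keyboard-free sequences only."""
    for i in range(len(pw) - min_run + 1):
        window = pw[i:i + min_run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw: str, username: str = "", blocklist=COMMON_PASSWORDS) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable.
    Nothing here demands particular character classes: NIST advises against composition
    rules, and the blocklist plus length do more to keep guessable passwords out."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if has_repeated_run(pw):
        problems.append("contains a repeated run such as 'zzzz'")
    if has_sequential_run(pw):
        problems.append("contains a sequential run such as '1234' or 'abcd'")
    if pw.lower() in blocklist:
        problems.append("appears in the common/breached password list")
    if username and len(username) >= 4 and username.lower() in pw.lower():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    for candidate, user in (("123456", "alice"), ("Password1", "bob"),
                            ("HeatplaneFoul20!!", "alice"), ("alice2024!x", "alice")):
        verdict = check_password(candidate, user) or ["ok"]
        print(f"{candidate!r:22s} {'; '.join(verdict)}")
```

The blocklist lookup is case-insensitive on purpose: "Password1" is no better than "password1", and cracking tools try case variants automatically. Composition rules are deliberately absent because they push users toward predictable substitutions rather than length.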

Passphrases

  • Design a passphrase and commit it to memory.
  • Use three or four random words and join them together to form your passphrase, adding capital letters, special characters and numbers if you wish. For example: HeatplaneFoul20!! The words must be genuinely random; a well-known phrase, lyric or quotation is already in attackers' wordlists.
  • Use word association or a mental image to help you remember the words and their order.
  • Consider using a password manager to generate and store your passphrases if you have too many to remember.
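As an added example of generating a passphrase in the layout the page describes (words, then digits, then a symbol, as in HeatplaneFoul20!!), the Python below picks the words with a cryptographically secure random source. It is illustrative code, not from the original post. The 16-word list and the symbol set are constructed for the demo: with only 16 entries each word adds just 4 bits, so real use needs a large published list such as EFF's 7776-word diceware list, where each word is worth about 13 bits.

```python
import secrets
import string

# Constructed sample wordlist for this demo only (16 words = 4 bits per word).
# Real use: a large published list, e.g. the EFF long diceware list (7776 words).
SAMPLE_WORDLIST = (
    "heat", "plane", "foul", "river", "copper", "lantern", "orbit", "mango",
    "velvet", "cactus", "harbor", "pixel", "tundra", "walnut", "zephyr", "quartz",
)

# Conservative symbol set that most sites accept (an assumption of this example).
PUNCTUATION = "!@#$%^&*?"

# Cryptographically secure randomness. The 'random' module is unsuitable for
# secrets: its Mersenne Twister output is predictable once its state is known.
_rng = secrets.SystemRandom()


def generate_passphrase(n_words=4, wordlist=SAMPLE_WORDLIST, separator="",
                        capitalise=True, n_digits=2, n_symbols=1, rng=_rng):
    """Build a passphrase: n_words uniformly chosen words, optionally capitalised and
    joined by `separator`, followed by n_digits random digits and n_symbols symbols.
    Strength comes from len(wordlist) and n_words; the suffix adds only a few bits."""
    if n_words < 3:
        raise ValueError("use at least three words; fewer is weaker than a short random password")
    if len(wordlist) < 2:
        raise ValueError("wordlist must contain at least two words")
    # choice() with replacement keeps every pick independent; a repeated word is allowed.
    words = [rng.choice(wordlist) for _ in range(n_words)]
    if capitalise:
        words = [w.capitalize() for w in words]
    digits = "".join(rng.choice(string.digits) for _ in range(n_digits))
    symbols = "".join(rng.choice(PUNCTUATION) for _ in range(n_symbols))
    return separator.join(words) + digits + symbols


if __name__ == "__main__":
    # Same layout as the page's example, then a separated variant that is easier to read aloud.
    print(generate_passphrase())
    print(generate_passphrase(n_words=5, separator="-", n_digits=0, n_symbols=0))
```

A separator such as "-" or a space costs nothing in strength and makes the phrase easier to type and to remember; leave it out only where a site forbids those characters.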

Should I use my password or passphrase with another authentication method?

Add an extra layer of protection to your email account and other important accounts by enabling multi-factor authentication (MFA). Email matters most because password resets for your other accounts are sent there. MFA stops the great majority of account-takeover attempts, including almost all automated ones (the figure usually quoted is 99%), because a stolen password or passphrase is no longer enough: the attacker also needs your MFA device. Prefer an authenticator app or a hardware security key over codes sent by SMS, which can be intercepted or phished; a convincing phishing page can relay a one-time code in real time, whereas a FIDO2 security key or passkey will not sign in to an impostor site.

Further information

For a guide on how to set up MFA on email, click here.

NIST guide - Easy ways to build a better password can be found here.