Strong Passwords: Best Practices
A password policy is a set of rules designed to help users create strong passwords and manage them properly. It can be recommended or required.
Password Policy Definitions
Password Length: The minimum or maximum number of characters a password can have.
Disallowed Characters: Characters not allowed in passwords. These are usually symbols.
Remembered Passwords: The number of previous passwords the system remembers, which discourages users from repeatedly using the same password.
Password Expiration: The length of time before the user is required to change their current password.
Password Storage: The way a company allows users to store passwords. Password managers are a common way to store passwords securely.
How to Create a Strong Password
Long: At least 16 characters.¹
Random: Use a mix of unrelated or random strings of letters, numbers, and symbols.¹
Unique: Each password should be different for each website.¹
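The policy settings defined earlier (length, disallowed characters, remembered passwords) and the long and random guidance above can be sketched in Python as follows. This is an added example, not part of the original article; the maximum length, the disallowed set, the history size and the PBKDF2 iteration count are assumed values, and only the 16-character minimum comes from the text.

```python
import hashlib
import hmac
import secrets
import string

MIN_LENGTH = 16            # from the guidance above
MAX_LENGTH = 64            # assumed policy maximum
DISALLOWED = set(" \"'\\")  # assumed disallowed characters
REMEMBERED = 5             # assumed number of remembered passwords
ITERATIONS = 600_000       # assumed PBKDF2-HMAC-SHA256 work factor
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in DISALLOWED)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the history never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG with letters, digits and symbols."""
    if not MIN_LENGTH <= length <= MAX_LENGTH:
        raise ValueError("length outside policy")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def remember(history: list, password: str) -> None:
    """Store a salted hash and keep only the newest REMEMBERED entries."""
    salt = secrets.token_bytes(16)
    history.append((salt, hash_password(password, salt)))
    del history[:-REMEMBERED]

def check_policy(password: str, history: list) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(password) > MAX_LENGTH:
        problems.append("too long")
    if any(c in DISALLOWED for c in password):
        problems.append("disallowed character")
    for salt, digest in history:
        # Constant-time comparison against each remembered hash.
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("recently used")
            break
    return problems
```

The history check costs one slow hash per remembered entry, which is the price of never storing old passwords in a recoverable form.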
How to Store Passwords
Password managers are a great way to store passwords securely, but the manager itself also needs a strong password. Bitwarden, 1Password, and Proton Pass are well-known password managers. Using a browser's built-in password manager is also a step in the right direction. However, malware authors usually target them to steal your passwords.
Reasons to Use a Password Manager
Helps spot fake websites³
Synchronizes your passwords across your devices³
Can notify you if your password appears within a known data breach³
Multi-Factor Authentication
While strong passwords are essential, multi-factor authentication (MFA) adds another layer of security against cyber criminals. MFA requires users to complete two steps to verify their identity. To determine whether you have MFA, ask which of these factors you use to sign in: something you know (passwords), something you have (keycards), and something you are (biometrics) (Microsoft, 2022). If you use at least two of them, you are using multi-factor authentication.
References
CISA. (n.d.). Formulate Strong Passwords and PIN Codes. https://www.cisa.gov/resources-tools/training/formulate-strong-passwords-and-pin-codes
Microsoft. (2022). What is: Multifactor Authentication. https://support.microsoft.com/en-us/topic/what-is-multifactor-authentication-e5e39437-121c-be60-d123-eda06bddf661
National Cyber Security Centre. (2018, December 17). Password managers: How they help you secure passwords. https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers