How to Make Your Passwords More Secure and Easier to Track With Password Managers
The Information Technology Directorate always emphasizes vigilance online, whether you’re doing research for work or surfing the net at home. During October, which is Cybersecurity Awareness Month, IT is going further into the hows and whys of safeguarding your information on the web.
Each week during October, IT will send an email newsletter to the workforce that goes deeper into a cybersecurity-related topic. The Exchange Post will also publish weekly stories about these topics.
This week’s topic is best password practices. The Exchange requires associates to change work passwords every three months, and the process is easy. Although some associates call the help desk for password-reset assistance, they can change their passwords much more quickly themselves.
“We want associates to know where they can go to change their passwords,” said Cybersecurity Chief Jesse Tobar. “You can go to the Employee Self Service link on the home page instead of picking up the phone and calling the help desk.” (The Employee Self Service link is in the blue rail to the right on the home page; once you click on it, you can see the password reset link beneath your log-on ID and password.)
But you also have personal passwords to think about, and you should make them at least as complex as your work passwords—without using the same ones for home and work.
In 2023, according to the National Cybersecurity Alliance, the most common passwords remain “123456,” “123456789,” “qwerty,” “password” and “12345.” Although those are easy to remember, using them is not good password practice.
According to Hive Systems, a hacker can crack a four-character password instantly, no matter what combination of letters, numbers and/or special characters is used. Even an 11-character password that consists only of numbers can be cracked instantly. The longer the password, and the wider the combination of numbers, upper- and lowercase letters and symbols, the safer the password.
According to the National Institute of Standards and Technology’s guidelines, all online passwords should be:
- lengthy (preferably 12 or more characters, with a variety of letters, numbers and symbols)
- unique for each account (so that breaking one doesn’t compromise multiple accounts)
- divorced from personal meaning (such as birthdays or pet names, so that social networks provide no clues)
- updated whenever a breach is suspected
Because multiple passwords can be difficult to remember and for other reasons, the Exchange IT Directorate recommends using a password manager to keep track of your passwords and keep them secure. A password manager, which is usually an app, can generate new, complex passwords for multiple sites and store them.
“It’s just an easy way to have all your passwords across all of your devices saved in one place, so you only have to remember one password,” said Conner Vaughan, Exchange data security analyst. “Different sites have different password requirements. Some require you to have six characters, some require an alphanumerical password, some need a special sign. A password manager makes them more secure, and you can have all of your passwords stored for the different websites.”
Password managers also save time and protect your identity, and they can alert you to potential phishing websites or possible password breaches. The National Cybersecurity Alliance recommends that you research and compare different password managers and find the one that works best for you. Here are some guides suggested by the alliance:
To learn more about cybersecurity, visit the National Cybersecurity Alliance by clicking here. To learn more about the Exchange’s Cybersecurity Awareness Team, click here.
Next week’s topic: Software updates. Follow ExchangeAssoc on Instagram, X and Facebook throughout October for posts on Cybersecurity Awareness Month topics.