Cybersecurity Awareness Month Tip – Password Security

Why Varying Your Passwords Is So Important

Passwords have long been considered a simple but effective way to protect equipment, data, and networks. But as we continue to use more and more devices, applications, and systems, the simplicity is fast being lost. With several devices and dozens of online services used daily — many of which are likely to have varying password policies — it can be next to impossible to keep track of our logins.

People cope with the sheer number of passwords they have in several ways. Unfortunately, the most common — and riskiest — approach is to reuse passwords. Why is this so dangerous? Because the loss of one password for one account — perhaps through malicious software, a phishing email, or a data breach on a website — could cascade into the loss of multiple accounts.

How might that happen? Let's say you use the same password for a social media account that you use for your email. Let's also say that hackers break into the social media site and steal all of the passwords there. Using special tools, these hackers can quickly tie passwords to users and users to email addresses. Because your email uses the same password, they can then sign in to it, and from there your other accounts can be reset by the hackers and fall under their control.

Tips for Protecting Your Information

If you don’t already, the first order of business is to use a unique, strong password for each important site. An important site is one that houses or gives you access to sensitive data:
  • Banking, e-commerce, and other money-related information (e.g., credit card or checking accounts)
  • Confidential personal information (e.g., federal tax filings, medical or insurance accounts)
  • Private communications (e.g., work or personal emails, social networking)

It's OK to reuse passwords for unimportant sites, such as for news sites, general message boards, or other sites in which you don’t reveal any personal data. But for important sites, unique and complex logins are a must.

The second thing you can do is to write down important passwords and keep them safe. It goes without saying that any list of this kind needs to be kept private and secure. Options include writing your passwords down and storing them in a safe place in your house (e.g., a lockable drawer), or using a password manager application on your smartphone (which, naturally, should be secured with a PIN). 

Bottom Line: Manage Your Risk

So, how do you decide if a site is important or not? Think about the potential damage if a hacker gained access to your password and the data protected by that password. If a compromised password could result in significant damage — in terms of identity theft, stolen money, or loss of sensitive or confidential information from your workplace — that is an important site and you need a unique, private password for that account. 

For more information, contact ITSecurity / 4054 /