
By the Nardello & Co. Cyber Team

Utilizing Unique and Complicated Passwords on All Your Services

While it is easier to use the same password on multiple sites, every service on which you use that password is at risk if any one of those sites is compromised. With more and more services launching every day, the chance that at least one of them is breached keeps growing. Using a different password for each account keeps a breach at one site from spreading to the others.

Password & Phrase Construction

Generally, a good password should not include your username for the site, should be more than 10 characters long, and should have a mix of uppercase and lowercase letters, several numbers, and a symbol. Not all passwords are created equal, however. Technically P@sSw0rd!! fits these requirements, but this would be a poor choice, as it is a variation on the word “password” itself.

One method of producing very secure passwords is to use a pass phrase, like “calculating staplers make good coffee.” This has no special characters or capitalization but would generally be very secure, because an automated guessing tool would have a hard time arriving at that combination of words. The phrase is also very easy to remember, whereas a string that meets the character-mix requirements, like BfH@y867g&I8t^, is difficult to remember. As a rule of thumb, take four or five random words and string them together. However, some websites do not accept long passwords like this. Pay attention to each site's requirements and use the most secure password strategy the site allows.
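The rules above can be checked mechanically, and the difference between a character-mix password and a pass phrase can be put in numbers. The following is an added example (not code from the article or the Nardello & Co. team) that applies the composition rules to the article's own samples, undoes common letter-for-symbol substitutions so that a dressed-up dictionary word such as P@sSw0rd!! is still caught, and estimates the guessing space of random words versus random characters. The word list, the blocklist and the "at least two digits" reading of "several numbers" are assumptions made for the example.

```python
import math
import secrets
import string

# Constructed word list, for demonstration only. A real passphrase generator draws
# from a published list of several thousand words (for example the EFF long word
# list, which has 7,776 entries).
WORDLIST = [
    "calculating", "staplers", "coffee", "meander", "skylines", "telephone",
    "granite", "lantern", "orbit", "velvet", "puzzle", "harbor", "cactus", "ribbon",
]

# Constructed blocklist standing in for a breach-derived list of common passwords
# and recognisable quotes.
BLOCKLIST = {"password", "hello", "welcome", "qwerty", "letmein", "iamyourfather"}

# Common letter-for-symbol substitutions, undone before comparing against the
# blocklist so that "P@sSw0rd!!" is recognised as a variation on "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "5": "s", "$": "s", "7": "t"})


def normalize(password: str) -> str:
    """Undo substitutions, lowercase, and keep letters only."""
    folded = password.translate(LEET).lower()
    return "".join(ch for ch in folded if ch.isalpha())


def check_password(password: str, username: str = "") -> list[str]:
    """Return the rules from the article that the password breaks (empty = passes).

    "Several numbers" is read here as at least two digits; that threshold is an
    assumption, not something the article states.
    """
    problems = []
    if len(password) <= 10:
        problems.append("not more than 10 characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if sum(c.isdigit() for c in password) < 2:
        problems.append("fewer than two digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    hits = sorted(word for word in BLOCKLIST if word in normalize(password))
    if hits:
        problems.append("variation on a known word or phrase: " + hits[0])
    return problems


def passphrase_entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of n_words drawn uniformly at random from a list of list_size words."""
    return n_words * math.log2(list_size)


def random_string_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string over an alphabet of alphabet_size symbols."""
    return length * math.log2(alphabet_size)


def generate_passphrase(n_words: int = 5, wordlist: list[str] = WORDLIST) -> str:
    """Draw words with the secrets module (a CSPRNG), never the random module."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("Hello123!", "P@sSw0rd!!", "BfH@y867g&I8t^"):
        print(pw, "->", check_password(pw) or "passes the composition rules")
    print("4 random words from 7,776:", round(passphrase_entropy_bits(4, 7776), 1), "bits")
    print("14 random printable chars:", round(random_string_entropy_bits(14, 94), 1), "bits")
    print("generated:", generate_passphrase())
```

Four words chosen at random from a 7,776-word list give about 51.7 bits and five words about 64.6 bits, against roughly 91.8 bits for 14 random printable characters. The random string is stronger per character, but the pass phrase is the one people can actually remember, and in both cases the strength comes from the words or characters being chosen at random, not from the symbols used. Whatever it reports, the blocklist in this example is tiny; a real deployment compares against a breach-derived list.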

Note: Avoid movie or TV show names, common phrases or quotes, and similar well-known phrases. The phrase “I am your father” would be a poor password, as it is a very recognizable quote.

Password Managers

While these are standard suggestions, they can be tough to follow. How do you make passwords hard to guess but also easy to remember? This is where you should employ a password manager. Password managers are personal databases where your passwords are kept. All you must remember is the one password that unlocks the manager; it handles the rest. Many of these services use cloud storage to make your passwords available across all your devices, so saving a password for later is seamless. Simply sign up for an account, create a good, strong password for it, and then start adding sites to the password manager as you visit them. Password managers will also generate complicated passwords for you, so you do not need to think of them on your own. Common tools for this include LastPass, Bitwarden, 1Password, and KeePass.

Note: Even more important than using one of these tools is not storing your passwords in spreadsheets, physical notepads, iPhone Notes, or other note-taking apps. And do not print such documents out either.

Compromised Sites

You may ask, though, how do we know if a password we’ve used has already been compromised? Visit http[:]//haveibeenpwned[.]com[1], enter your email address, and select the “pwned?” option. This will tell you all the places where your password may have been compromised. You should assume that the password for each of those sites is now part of a much larger repository of stolen passwords, so do not use it again, and change the password on any other site where you used the same one.
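The site the paragraph points to also offers a password lookup (its Pwned Passwords service) that never receives the password itself: the client hashes the password locally with SHA-1, sends only the first five hex characters of the hash, gets back every stored hash suffix sharing that prefix together with a count, and does the final comparison at home. The following is an added example, not code from the article or the Nardello & Co. team, that simulates both sides of that exchange offline against a constructed corpus with made-up counts; only the prefix/suffix split and the SUFFIX:COUNT response format follow the real API, which is reached at https://api.pwnedpasswords.com/range/<prefix> over HTTPS.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> number of times seen.
# The counts are made up for this example; the real Pwned Passwords corpus holds
# hundreds of millions of entries.
BREACHED = {"password": 3861493, "Hello123!": 42, "123456": 37359195, "letmein": 183905}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict[str, int]) -> dict[str, list[tuple[str, int]]]:
    """Server side: group hashes by their first five hex characters."""
    index: dict[str, list[tuple[str, int]]] = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append((digest[5:], count))
    return index


RANGE_INDEX = build_range_index(BREACHED)


def range_query(prefix: str) -> list[str]:
    """Server side: answer a range request with 'SUFFIX:COUNT' lines.

    Stands in for GET https://api.pwnedpasswords.com/range/<prefix>; the server
    only ever sees the five-character prefix, never the password or its full hash.
    """
    return [f"{suffix}:{count}" for suffix, count in RANGE_INDEX.get(prefix.upper(), [])]


def times_seen_in_breaches(password: str, query=range_query) -> int:
    """Client side: hash locally, send the prefix, match the suffix at home."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "Hello123!", "BfH@y867g&I8t^"):
        n = times_seen_in_breaches(pw)
        print(f"{pw!r}: {'seen ' + str(n) + ' times, do not reuse' if n else 'not in the corpus'}")
```

A count of zero means only that the password does not appear in the corpus, not that it is strong; the composition and pass-phrase advice above still applies. The value of the prefix scheme is that a password can be screened against known breaches before it is ever submitted to a site, without the screening service learning what it is.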

As always, stay safe out there and when in doubt, disconnect from the internet and call IT support.

Too Long? Didn’t Read?

- Weak password: Hello123!
- Strong password: BfH@y867g&I8t^
- Consider using a pass phrase like: meander when skylines telephone
- Use a password manager, such as LastPass, Bitwarden, 1Password, or KeePass
- Have I been compromised before? http[:]//haveibeenpwned[.]com

[1] You’ll notice that this site has brackets around the colon and around the period. This is to make the link not clickable. To visit this link, remove the brackets and enter the link into your web browser.

The next series will be on phishing.

Contact

Nardello & Co. Cyber Team
Jud Welle, Brett Yeager, Liam Callagham, & Alex Vosghanian
[email protected]
+1 212 537 5300
