October is Cybersecurity Month! This week CIA IT is writing about Password Security. Here are some tips to improve your account password strength!
Use Complex Passwords
Here at CIA we require passwords to be 8 characters long and to include both uppercase and lowercase letters, a number, and a symbol. However, the best passwords are 12-15 characters long and contain uppercase/lowercase letters, numbers, and special characters! A good approach is to build a passphrase instead, using an anagram, an acronym, or an entire phrase. Test how long it would take for a computer to crack your current password here.
Use Different Passwords for Different Accounts
CIA uses OneLogin as our single sign-on. A single sign-on means you use one password to log into myCIA, CIA computers, the CIA network, your CIA email, and many other CIA-specific accounts. However, you probably shouldn’t use that password anywhere else! This protects your data: if there is a data breach on one account, the hackers don’t get access to all your information, everywhere.
Update Your Password At Least Every Six Months
A safe password is a changing password. At CIA, if you are a staff or faculty member, we ask you to update your account every six months. Soon we will require changes for students also. If you're a student and you haven’t ever updated your password, please do so now: go to cia.onelogin.com/profiles, log in, then click ‘change password’.
If you haven't already, now is also a good time to update your security questions at the link above, in case you forget your password.
As Clifford Stoll, an American astronomer, once said, “Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.”
Use a Password Manager Instead of Saving Passwords in Your Browser
If someone gains access to your computer, all the passwords saved in your browser or, worse, your credit card information are available to them. Use one of the password-protected management services listed below!
Password managers are available as extensions for your browser of choice, and several are free for personal use. They also work across devices! CIA IT uses LastPass to manage our host of password-protected accounts, but there are others too, such as Dashlane, Keeper, and Bitwarden. In this day and age, password management services are the way to go! You won’t regret setting one up.
Set Up and Maintain Multi-factor Authentication
Recently CIA has required a second authentication step to log into your email. This is either a text message or a phone call with a code you use to enter your account. While it requires you to be near your phone, it’s a valuable tool that prevents access by a hacker. If you are given the option to set up multi-factor authentication for an account, it’s recommended you do!
Remember to Log Off
An open account is an accessible one! While staying logged in is often very helpful, it also puts you at risk. Make sure you always log out when you are using a shared computer, such as a computer in CIA’s computer labs. You should also get in the habit of logging out or locking your personal computer.
If you follow the above tips, your password skills will be nigh impenetrable! If you have any questions about password security, contact the Help Desk at firstname.lastname@example.org.
Thanks for reading,
Poppy Lyttle, IT Manager