Passwords are ubiquitous these days and choosing ones that are hard to guess and easy to remember is challenging. The following tips will help make your digital life more secure.
- Don’t share your passwords with anyone. Even if someone is claiming to help you, it is probably a scam. IT departments and customer service representatives know not to ask customers for passwords. If you did share a password, change it as soon as possible.
- Don’t use the same password for your accounts. If hackers guess your password, you can be sure they will try it on your other accounts.
- Create long passwords. Use at least 16 characters if possible. Passwords should be easy to remember but hard to guess.
- Try to use sentences or phrases. Avoid single words, or a word preceded or followed by a single number. Hackers use databases of words to guess passwords.
- Don’t use birthdays, home addresses, or the names of your significant others. Hackers mine social media accounts for password clues.
- Make your password complex. Use upper and lower case letters, numbers, and special characters. Try to have at least one of each of these in your password.
- Don’t create a document on your computer with all your passwords. Hackers can easily search hard drives for password information if they get access to your computer or mobile device.
Use Two-factor Authentication
“As cyber threats become more sophisticated, the importance of secure methods to protect digital information becomes increasingly apparent. Traditional passwords are no longer sufficient due to their vulnerability to theft and hacking, highlighting the need for advanced authentication methods to enhance security.” MalwareBytes, “Enhancing digital security with two-factor authentication (2FA)”
We strongly encourage members of the Commons to use two-factor authentication. It adds another layer of security to your account. Even if someone successfully hacks your password, he or she still needs to have access to a token that is sent to your email, mobile device, real-time authenticator, or hardware device. Below are your choices to implement 2FA. Of these choices, the Commons recommends Time-Based One-Time Password (TOTP). Once set up, it is easy to use and does not require access to your email account.
After a member enters their password, an email is sent to the member’s email inbox. The member enters the 6-character token from the email to confirm.
TOTP
With Time-based One-Time Password (TOTP) the member sets up an authenticator app that automatically recognizes an authentication request. The member goes to the app, enters the token and confirms.
Hardware
A member purchases a hardware device and connects it via USB to a laptop, desktop or mobile device. Whenever a password is entered, the request is automatically verified.
For more information about setting up two-factor authentication on the Commons, follow this link.
Use a Password Manager
Password managers store your passwords securely and allow for extremely complex passwords which you do not need to remember. Typically, you have one master password that you need to access your entire collection of passwords. Make sure you can access them across multiple devices. If you use a password manager on a school computer, make sure to sign out before you finish. Here are some examples of free password managers:
- LastPass: https://lastpass.com/
- KeePass: https://keepass.info/
- Keeper: https://keepersecurity.com/
- Password Safe: https://pwsafe.org/
- Dashlane: https://dashlane.com/