
Step up your password management game

By Liz Rock, Associate Manager – Branded Content and Channels, Association of International Certified Professional Accountants

With identity theft becoming one of the world’s fastest-growing crimes, days like World Password Day are crucial to raising awareness of online threats. So I met Jay Overcash, Director of IT Security Strategy, to talk about how people can protect themselves from hackers.

Why is World Password Day so important?
As our lives move into the digital realm, we rely on authentication to protect our valuable online data and assets. Usernames and passwords remain the predominant method for securing online data. World Password Day is important as it draws attention to the need to adequately protect online data with a strong password.


While today is World Password Day, how often should we evaluate our passwords and consider changing them?
Everyone should evaluate their passwords and consider changing them at least once a year. If you use the same password on multiple websites, then you should consider changing the password more frequently; however, the best advice is to have a unique password per website and application.

What are some best practices when creating or changing a password?
The National Institute of Standards and Technology Special Publication 800-63B on Digital Identity Guidelines recommends creating an easy-to-remember password that is long and composed of a series of unrelated words. The minimum recommended password length depends on the sensitivity of the data being protected, but it is generally agreed that 8 characters should be the minimum length. An example of an easy-to-remember password composed of unrelated words is redfootballthreebutterflies. This password does not use any numbers or symbols and is easier for the end user to remember. From a security perspective, the length of 27 characters is exponentially more difficult for a machine to crack, and the unrelated words make it extremely difficult to guess. Even with this long, much more secure password, individuals should change their passwords at least once per year.

How else can people protect themselves online besides staying aware of passwords?
In general, people should always use anti-virus software and not click on links or attachments in emails that appear suspicious. Additionally, users should only download files from trusted websites. One optional item to keep users’ accounts safe is enabling multi-factor authentication (MFA) on their accounts. MFA, also referred to as two-step verification, provides a second method for verifying authentication for accounts, usually via text message or email notification. Enabling MFA will greatly improve the security of your accounts online.

Given that today is World Password Day, it’s the perfect time to take the pledge to #LayerUp. Add multi-factor authentication and evaluate your current passwords. It could save you a lot of trouble in the future. 

Protecting yourself and your clients’ information should be an everyday task. Stay on top of cybersecurity by visiting the third part of our "A-E" of digital disruption learning series on Cybersecurity.