#NCSAM: Security Back to Basics: Tip of the Day
In honor of National Cyber Security Awareness Month (NCSAM) we’re taking the conversation back to security basics. Throughout the month of October, Duo will be posting helpful security tips to ensure you stay secure and safe online during your day-to-day digital activities.
Plus Engaging Security Activities
We made a bunch of free tools and activities to foster security education and awareness.
To learn more, please visit: https://duo.com/security-123
Without further ado, here is today’s security tip:
Tip No. 7: Protect Your Apps With 2FA
2FA or two-factor authentication is an excellent way to drastically improve the security of your accounts. Two-factor authentication strengthens your account security by requiring two factors to verify your identity. These factors can include something you know - like a username and password – plus something you have - like a smartphone app to approve authentication requests.
2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
This video helps explain how 2FA works
These videos explain the multiple options for second-factor authentication.
Tip No. 6: Use A Password Manager
If our previous tips sound tough, harness the power of a password manager to help! A password manager will do all of the remembering, creating, and sharing of a strong password for you.
What is a Password Manager?
CNET says, “Simply, a password manager ... is an encrypted digital vault that stores the login information you use to access websites, apps and other services. Besides keeping your credentials, identity and sensitive data safe, a password manager can generate unique, strong passwords to ensure you aren't reusing them across your services.
You can even share a password like a login for coworkers or family members to a shared application or account without necessarily revealing the password to your share recipient.
Tip No. 5: When to Change Your Password
I know, I know, you just figured out a snazzy password you can access, you didn’t share it and now we are asking you to change your password.
There are times you should consider changing your password right away. Here are few:
After a website or company you use discloses a security breach
There is evidence of unauthorized access to your account - many popular sites allow you to look at your access history
There is evidence of malware or another compromise of your device
Someone with shared access to an account has left the business, relationship, or role required for the access provided
You logged in to the account on a shared or public computer (such as at a library or hotel)
Your roommate moved out.
You suspect your password has been shared without your consent
You have proof your account was compromised as a service you use was breached, or your security monitoring service has alerted you
2FA security helps protect against password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
Tip No. 4: Safely Share Your Passwords
It used to be that sharing your password for any reason was frowned upon. And while it’s not necessarily recommended that you share your passwords, our digital lives make it a necessity in some instances. For example, there may be accounts that you share with a family member that require you to use the same password. There may also be times when passwords must be shared among colleagues.
Some instances in which you might share a password include:
Paying household and family bills
Managing joint credit card or bank accounts
Using a shared wi-fi network
Using a shared online storage service for photos, documents
Using a shared online shopping account
If you have to share a password, it’s recommended that you do so safely. How?
A password manager (see tip No. 6) gives you the option to safely and securely share a password – passwords stored in a password manager are encrypted and can be shared in an encrypted format with others. Certain password managers allow you to share passwords without revealing the characters if you'd like to keep the true password confidential and revoke-able. Sharing encrypted passwords through a password manager is much more secure, and much safer than writing them down, emailing them, or texting them.
Tip No. 3: Avoid Reusing Passwords
I know what you are thinking, your brain hurts at the idea of a unique password for every digital login in your life, because that is a lot of logins. But trust us, you should make unique passwords, starting with your most important accounts.
Password reuse could allow an attacker to use a password they compromised on one account to attack the rest of your accounts. If you used the same credentials on a music site as your bank account, if the music site gets compromised, so does your bank password. You can't always prevent a website getting breached, but you can make sure the concern stops with that singular account.
Tip No. 2: What Makes A Good Password?
It is easy to say, make a good password, but what makes a good password? Here are some helpful password strategies.
What TO Do: Random Word Approach
● BananaStapleZoroCanada2016forElPresident
● CatBoat2000UtilizePandaBacon
What TO Do: Passphrase Approach
● The74dingoscarriedawaymyoatmealsalad.Sadday.
To Be Even More Secure
● Think beyond the password with two-factor authentication (2FA)
● Use a password manager
● Use the max number of characters allowed with as much complexity as allowed (including upper and lowercase letters, numbers and symbols.
Avoid
● Singular words or common phrases, such as the term “password”
● Personal information as a password (name, birthdate, etc.)
● A single type of character, such as only uppercase letters or only numbers
● Repeating characters or consecutive characters, like “1234567” or “abcdefgh”
If you have made poor passwords because it is easier to remember in the past, you are not alone – it can happen to anyone. Creating a stronger, more secure password doesn’t have to be complicated. This is actually much easier than the alternative.
Tip No. 1: Use A Strong Password
Making a strong password is important because, let’s face it, humans are a bit predictable — and that makes it easier for hackers to guess passwords.
A GOOD Passwords must:
Be unique and never before used
Have a minimum of 16 characters
Get creative. Use “ph” instead of “f” or “1” instead of “i”
Include two of the three: upper/lowercase letters, special characters, numbers
To Be Even More Secure
Think beyond the password with two-factor authentication (2FA)
Use a password manager
If you have to remember your password by writing it down (which isn’t recommended, but, again, we’re human), never list any identifying information as to who it belongs to or what account it is tied to. Treat it as you would your social security card or passport. Always maintain physical control!
Enjoy our "Compromised Credentials" video.