Passwords, when used correctly, are an extremely simple and effective way to protect your account and data from unauthorized access. Even when learning and working remotely, we need to continue to use good password practices.
There are a number of methods cybercriminals use to obtain your password, including:
- Social engineeringtricking people into handing over passwords. No one should ever ask you for your password.
- Using the same password on multiple accounts where one of the accounts becomes compromised, exposing that shared password.
- Physically stealing them; for example, when they are written down.
- Guessing based on easily accessible personal information (name, date of birth, etc.).
- Trying to use one of the most common passwords (123456, password, etc.).
- Brute forceautomated guessing of passwords.
- Shoulder surfingobserving people typing in their passwords in public places.
- Key-logging malware which records passwords as they are entered.
- Intercepting them as they are transmitted over an unsecured network.
The following methods help to highlight some basic precautions which users can take to protect themselves.
- Never give anyone your password. No one should ever ask for it.
- Use a complex password containing multiple words that is at least 15 characters long.
- Use a unique password for every account.
- Never re-use passwords.
- Do not use any of the following in your password:
- Your name or username
- Family members or pet names
- Birthdays or anniversaries
- Numerical or keyboard sequences (123456, qwerty)
- Never share passwords or leave them written down next to your computer or in an easily found place.
- Be careful entering your password in public spaces where someone may be able to see you typing it.
- Do not use your password on an untrusted device.