Oct 06 2020

4 Simple Steps to a Rock-Solid Password

Small adjustments can make a big difference in protecting your data and devices from threat actors.

Advanced persistent threat groups are targeting healthcare organizations, the Department of Homeland Security warned in a May advisory.

Malicious actors are on the hunt for valuable research, pharmaceutical and patient data, according to the agency. The threat is so great that DHS recommends all healthcare and academic organizations strengthen their passwords to guard against misuse.

One method hackers use is known as “password spraying,” a brute-force attack involving a single and commonly used password against many accounts before an attacker pivots to try a second password, and so on. Password spraying allows threat actors to remain undetected by avoiding rapid or frequent account lockouts.

Here are some best practices for choosing (or upgrading) your passwords:

1. Choose a “Passphrase” Instead of a Password

Long, complex passwords are more secure, but they’re also hard to remember. Try using a passphrase with 8 or more characters. Make it something easy for you to recall but avoid common phrases, quotations or personal information.

For example, you could create a passphrase like “Footba!!4theGreate5tC1uB,” which uses dictionary words in a memorable sequence. The combination of special characters and upper and lowercase letters makes it hard to guess.

2. Make a Different Password for Every Account

Don’t use one password for every account. The password you set for each application should be unique because it reduces the risk of compromise.

Hackers often get account credentials from lists published on the internet that were harvested from systems vulnerable to attack. If you use the same password everywhere, it could be used to access other systems.

READ MORE: How are cybercriminals targeting healthcare in response to the COVID-19 pandemic?

3. Use a Password Manager

Does setting unique passphrases for each account sound unmanageable? Think about using a password manager, which not only helps securely store and retrieve passwords, but also generates long, complex passwords unique to each account. Some password managers also store passwords in the cloud so you can access them from any device.

If you decide to use a password manager, be sure to secure your master password. The master password should be long and complex. And because it holds the key to all your account passwords, take extra precautions to secure it with multifactor authentication.

4. Consider Passwordless Authentication

Some vendors have introduced “passwordless” authentication for greater security. A typical passwordless system involves two parts: something you have, like a security key or smart card; and a biometric gesture (such as a fingerprint or retinal scan) or a PIN.

PINs are stored locally and never sent across the network, which makes them more difficult to compromise. As such, they can be shorter in length and changed less frequently than other authenticators.

Illustration by LJ Davids

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.