TASB Risk Management Fund
INSIDERM

Cybersecurity Series, Part 2

February 01, 2017 Cristina R. Blanton

Secure passwords: it's not as easy as 1-2-3

This is the second in a three-part series of articles covering cybersecurity issues that school districts and organizations should be aware of. In this article, you will learn how to create secure and effective passwords. Read part 1 (What you need to know about cyber safety) and part 3 (Cyber awareness starts with a plan).

Many topics are covered in cyber awareness training programs and articles. One of the most important topics relates to addressing a human factor in the cause of data breaches: the creation of a strong password. These days, it is rare to engage in any online services or activities without the creation of a password. Creating a strong password for many different accounts and log-ins, however, can prove to be a daunting task for many people.

Aside from the general guidelines of complexity set by an internal IT department, many users are left to create complex passwords on their own.

Here are some tips to consider when creating strong passwords:

  • The longer the password, the harder it is to crack. Consider a 12-character password or longer. Consider spelling words backwards.
  • Avoid names, places, and dictionary words. Do not use your own name and date of birth. If you feel the need to use a place, make sure it is something only you would know; for example, do not use your hometown as a password.
  • Mix it up. Use variations on capitalization, spelling, numbers, and punctuation.
  • Avoid the same password for all. Creating one strong password can seem daunting, but it is worth it in the long run. If a hacker guesses one of your passwords, they may be more inclined to use that same password to test other accounts belonging to you.
  • Password fatigue? Seek help. If you find a mental block to password creation, there’s always help! There are plenty of free apps and software tools out there that will help generate safe and complex passwords for use.

Businesses and schools require users to create passwords for anything from signing into a computer system to sending a secured document through electronic means. A strong and secure password, if administered correctly, is generally set to expire and require user updates every 30-90 days. This requirement to update passwords for multiple systems and functions, coupled with the strict requirement for the password to be complex, can quickly add up to fatigue for the user. 

A study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives. When users run out of complex passwords to create and remember, they tend to default to something very basic and easy, or to write the password down on a sticky note placed on the inside of the laptop. A relaxed approach to password creation can create a significant threat of unauthorized access to sensitive material and information hidden behind the password-protected item.

For more information about the Fund’s Privacy Information & Security coverage and resources, visit the Fund website.