This monthly story series from Information Security aims to build awareness of existing cyber security threats and provide tips on how you can avoid them. This month, brush up on password best practices.
Having a weak password (or not using one at all) is like keeping the door to your house unlocked and hoping someone doesn’t steal all your stuff. Passwords are important when it comes to handling our private matters, and they are equally important at work, especially if you have access to patient data on your computer or device. After all, we should protect our clients’, residents’ and patients’ information just as we would expect other organizations to do for us.
Below are some best practices to follow when it comes to passwords.
Use different passwords for different accounts
Do not use your Fraser Health credentials for a personal social media or email account, like Facebook or Gmail. The same goes for your SafeNet PIN – don’t use this as your mobile phone PIN code or bank machine PIN. While it may be harder to memorize different passwords and PINs, you will reduce your risk by ensuring that only one of your accounts is exposed in any given attack.
Don’t use dictionary words
Password cracking tools are very effective at processing large quantities of letter and number combinations until a match for the password is found, and conventional words are easy matches for them. Avoid using conventional words as passwords.
Don’t use personal information
To make passwords easy to remember, many users naturally incorporate personal information into their passwords; however, it is alarmingly easy for hackers to obtain personal information about prospective targets. We strongly advise you not to include such information in your passwords.
Give your password some muscles – increase its length, width and depth
A strong, effective password requires a certain degree of complexity. Length, width and depth are three factors that can help you develop this complexity:
- Length: The longer a password, the more difficult it is to guess or crack.
- Width: Use upper and lower case letters as well as special characters.
- Depth: Use phrases to create passwords that would be hard to guess.
For example, you could turn the phrase: “My one pet, Sam, is so furry he equals three” into “Mopsisfhet”.
Next, substitute capitals, numbers and symbols for some of the letters to make it even stronger. For example:
“Mopsisfhet” becomes “m1pSi%Fh=3”
From a simple sentence, you now have a 10-character password that cannot be recognized by any dictionary attack, and with the added symbols and numbers, it is nearly uncrackable.
Once you’ve beefed up your passwords, remember to actually use them (lock your computer or device when not in use) and remember to keep them to yourself – no matter how funny the phrase you come up with.
Each month in The Beat we will explore different cyber security threats and provide tips for avoiding them. Up next: Working outside the workplace.