*Kevin Mitnick’s 10 Rules for Stronger Passwords
“It’s important to keep malware (malicious software) off your computer so hackers cannot intercept your passwords. Even if your passwords are very strong and hard to guess, malware can still allow a hacker to get them.” – Kevin Mitnick
Always use strong passwords on the internet. A strong password is one that is hard for someone else to guess.
- Don’t tell your passwords to anyone, even tech support people who may ask you for them. Nobody should ask for your password, and you should never give your password to anyone.
- Don’t use simple dictionary words or pets’ or people’s names for your password. And avoid things like your zip code or key dates like a birthday or an anniversary.
- Use passwords that are at least 12 characters long; however, those are still easy to crack if an attacker gets into your network. If you want to be super safe, use 20 characters. And don’t write them down where they can be easily found.
- It’s actually easier and more secure to create a passphrase instead of a password. A passphrase is a few nonsense words like $3 for the pirate hat or Betty was smoking tires and playing tuna fish.
- Use a different password for each website. And don’t use simple patterns like password1, password2, password3 for different sites—those are too easy to guess.
- If you think your password may have been compromised, change it immediately and check your other websites for any signs of misuse, starting with your online banking site!
- Sometimes websites ask you to enter the answer for a security question that you can use if you forget your password. Make sure that your answer to that security question is just as hard to guess as your password. This answer should not be used anywhere else.
- Use extra security features, such as stronger forms of authentication, everywhere you can. For example, a site may offer an option to use Google Authenticator, which is an app that generates a new six-digit number every minute as a “second password.” That is a good security feature, so use it! Sites also sometimes offer to send you a code via a text message. To log in to your account, you need both your password and the code. That’s less secure than the Google Authenticator app on your phone but better than nothing.
- Use the password procedures that your organization requires you to use, and consider using a password manager at home. These products make it much easier to have strong, unique passwords on all of your accounts. There are also online password generators that create hard-to-guess passwords—for example, www.passwordsgenerator.net.
For more information on employee training, please contact us. We can help your staff become more security-aware and stay safe in the vast digital universe.
Feel free to download this Creating Strong Passwords resource to distribute to your staff HERE.
This guideline on creating strong passwords is just a small section of the Kevin Mitnick Security Awareness Training program and is facilitated by KnowBe4 Security Awareness Training company.
* Who is Kevin Mitnick? Kevin David Mitnick is an American computer security consultant, author, and convicted hacker, best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes – Wikipedia