Our interactive Password Security module shows learners how to create complex, but easy-to-remember, passwords following best practices for password creation. We’ll explain how passwords may be stolen, and share real-world scenarios where weak or shared passwords compromise security.
Duration: 21:16 Minutes
This security awareness training covers password security.
You usually provide a username and a password when you sign in to a computer. Your username is often something other people know or could guess. For example, your email address, or your first initial and last name. But your password needs to remain secret because it’s the one thing that tells a computer that you are who you claim to be.
If you fail to protect your password or choose a weak password, you are at risk. If you let your password fall into the wrong hands, or use a password that is easy to guess, hackers, scam artists or competitors could sign on as you.
Once signed on, these people could read your mail and documents, send messages as you, access money, or cause other damage that could impact your career, finances, health and reputation.
To avoid these kinds of problems, you have a duty to protect your password. Over the next few minutes, you will learn how to pick strong passwords, how to keep passwords safe, and what to do if you suspect a problem with your password.
A strong password is a password that is hard for other people to guess. Fortunately, the rules for safe passwords are easy to apply. Passwords using uncommon words are harder to guess than those using common words. Long passwords are harder to guess than short passwords. And complex passwords with combinations of lowercase letters, uppercase letters, numbers and symbols are harder to guess than simple passwords.
Let’s try an exercise to replace a weak password with a strong password.
First, replace the common word you see with a similar uncommon word.
A Sphynx is an uncommon type of cat.
Second, add a second word to make the password longer.
Blue is a second word that doesn’t duplicate the first.
Hint: Use an actual word, and don’t just repeat a word.
Third, capitalize some of the letters in the password. Try to avoid simply capitalizing just the first letter of the first word.
You chose the password with randomly capitalized letters.
Hint: Capitalize something other than the first letters or the whole word.
Now, add at least one number and one symbol. Rather than just adding them to the end of the existing password, try to replace existing letters with similar symbols, such as “3” for “E” or an “at” sign (“@”) for “A”.
You chose the password that added both numbers and symbols.
Hint: Replace multiple characters with symbols and numbers.
Once you have selected a strong password, you need to keep it safe. If you write your password down, protect that paper like cash.
Do not leave your password on your desk, your monitor or in an unlocked drawer.
If you want to keep an electronic copy of your password, use password storage software or a password site that uses encryption.
Do not store your password in a spreadsheet, document, email or regular web site.
Please click the safest storage option for digital passwords.
Digital copies of your password should be stored with encryption, not in a spreadsheet or your email.
Remember to make sure that digital copies of your password aren’t readily accessible!
You should never email, IM or share your personal password with anyone else. Instead, instruct anyone who asks for your password to get their own credentials through IT or management.
Although you should never share a personal password, there are two cases where you may have to share other passwords. First, you may be in charge of a cloud service or other application that requires you to set or reset another person’s password. In this case, use a “force password change after sign on” option to ensure the other person sets their own password.
Second, you may need to work with a common user account already shared with multiple people. In this case, use a password storage application to store the shared account’s password. Then require all people with access to the shared account to get the password from the storage application.
Now, let’s test your password sharing knowledge. “I have an important project due this afternoon but I can’t sign on. Can I borrow your password for the day?” Click the best choice.
You should tell your coworker to speak to his manager or IT to get help signing in.
Here is another password sharing exercise. “Thanks for setting up the billing service, but I forgot my password already. Could you please reset my password?” Click the best choice.
You should reset her password and force her to change it as soon as she signs in.
And finally, another password sharing exercise. “I forgot the password to our department’s shared account. Can you tell me the shared password?” Click the best choice.
You should tell your coworker to retrieve the password from the secure password application.
Organizations often force you to change your password every few months. This is an effective way to prevent other people from using your old passwords and to shut down access to unused accounts.
Many people deal with regular password changes by simply adding a number or date to a “base” password. Unfortunately, hackers expect you to do this too. The use of a strong base password is fine, but instead of just adding a number or date to a frequently rotated password, use something unpredictable. For example, a combination of colors and random two-digit numbers.
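The four-step exercise earlier in the module and the rotation advice above can be combined into one check that runs when a password is set. This is an added example, not part of the training module; the word list, the 10-character threshold, the two extra look-alike swaps and the function names are assumptions.

```python
import string
from typing import Optional

# Constructed sample list; a real deployment would load a large common-word list.
COMMON_WORDS = {"cat", "dog", "password", "love", "summer", "monkey"}
# Look-alike swaps: "3"/"E" and "@"/"A" come from the module, the other two are assumed.
UNLEET = str.maketrans({"3": "e", "@": "a", "0": "o", "1": "i"})
MIN_LENGTH = 10  # assumed threshold; the module only says long beats short
DECORATION = string.digits + string.punctuation

def base_of(password: str) -> str:
    """Strip a trailing counter or numeric date and ignore case."""
    return password.rstrip(DECORATION).casefold()

def audit_password(candidate: str, previous: Optional[str] = None) -> list:
    """Return the names of the module's rules that the candidate breaks."""
    failed = []
    # Step 1: undo look-alike swaps so "c@t" is still recognised as "cat".
    normalized = candidate.lower().translate(UNLEET)
    if any(word in normalized for word in COMMON_WORDS):
        failed.append("uncommon-word")
    # Step 2: a second word should push the length past the threshold.
    if len(candidate) < MIN_LENGTH:
        failed.append("length")
    # Step 3: capitals must go beyond the first letter or the whole word.
    uppers = [i for i, ch in enumerate(candidate) if ch.isupper()]
    if not uppers or uppers == [0] or not any(ch.islower() for ch in candidate):
        failed.append("mixed-case")
    # Step 4: needs a digit and a symbol, at least one of them replacing a
    # letter inside the password rather than being appended to the end.
    core = candidate.rstrip(DECORATION)
    has_digit = any(ch.isdigit() for ch in candidate)
    has_symbol = any(ch in string.punctuation for ch in candidate)
    embedded = any(not ch.isalpha() for ch in core)
    if not (has_digit and has_symbol and embedded):
        failed.append("numbers-symbols")
    # Rotation: same base as the old password with only the suffix changed.
    if previous is not None and base_of(previous):
        if base_of(candidate) == base_of(previous):
            failed.append("predictable-rotation")
    return failed
```

The rotation check needs the old password in clear text, which is only available on a change form that asks for the current password alongside the new one.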
In an ideal world, everyone would use unique passwords for every application. In the real world, people often use the same password in multiple applications or websites. While the practice is never completely safe, the safest way to reuse passwords is to collect similar types of applications into unique groups, and then use a different password for each group. For example, you might group your applications into news, shopping and gaming groups, and then use a different password for each group.
However, you should always use unique passwords for critical applications like work, email or banking.
In addition to selecting strong passwords and keeping them safe, you are expected to report misuse and suspicious behavior too. If you ever find yourself using a weak password, accidentally reveal your password, or believe that someone knows your password, please change your password immediately. Please also notify the system administrator in charge of the application or applications that use that password.
In the last few minutes, you learned how to pick strong passwords, how to keep passwords safe, and what to do if you suspect a problem. Please review or print these takeaways, and then click continue to complete the module.