Guard your digital presence with a secure password

Key Takeaways

If calculated how many online accounts that you have a different password for, how many would you have?

It's helpful when your work accounts are connected with "single sign-on," where you only have to enter your work account password once . But that is not always the case, so you may have multiple passwords for work accounts. I am sure you have multiple passwords for your personal accounts. It is not easy keeping track. Have you run into a situation where you go to log into an online account, and you can’t remember your password! Thank goodness for that option to reset your password! But there is also a temptation to make your passwords as simple as possible and that you use the same password for all your accounts.

NOT A GOOD PRACTICE! Using one password for all your accounts (both work and personal) makes you more susceptible to cyber breaches.

There are two strong approaches for you to use.

1. Use a strong password that meets at least three of the following critical components:

• Length – a password, whether for your work account or your personal accounts, should be at least 12 characters in length.
• Complexity – a combination of upper- and lower-case letters, along with numbers and special characters make for a much stronger password, than say “Password123”!
• Uniqueness – none of your passwords should look alike. Each of your online accounts should be a different password (and not just by adding the number “2” at the end). Further, never use the same password or similar password for both work and personal accounts.

Whether or not you get an automatic reminder, be sure to regularly change passwords.

2. Consider using a password manager. For years I used a little desk diary (it’s dated 2006), to keep passwords written down. I am sure many of you have a similar approach. Why not? It’s offline, it’s in a paper form and not easily accessible by anyone else. Well today we now have online tools called password managers. These tools are encrypted, require MFA to get into and are designed that the product’s company does not have access to your passwords. Based on your personal needs or what your organization may provide, any one of these can fill that need for your work and/or personal password management. Some password managers even have an offline option so that your stored passwords are not saved online.

In selecting a quality password manager, keep the following in mind:

1. Look for encryption - Quality password managers encrypt all the passwords stored on them, no matter whether the passwords are stored on your device or on the company’s servers.
2. Make sure the manager includes Multi-Factor Authentication: The best password managers require multi-factor authentication for you to log in. This can be a facial ID, fingerprint scan or inputting a code that you receive on your cell.
3. Zero Knowledge: This means that the password manager does not know what your main password is to get into the password manager. This password is never stored on the company’s servers. So, you do have to remember one password (or reset it).

For additional guidance and a list of recommended password managers visit this link.

However you choose to manage your passwords, keep them safe and don’t share them. This humorous video highlights the importance of secure passwords.

As shared last week, one county recently shared on the NACo Tech Xchange in answering what they are doing for October Cyber Awareness month:

Their personal email account is where all the password reset emails go. That makes their personal email account their personal crown jewel. If we can teach our employees to be more secure in their personal lives, that attitude will follow them into the office.

To learn more about passwords, visit this link that is on the CSA site.

Additional resources on cyber protections also available through the NACo Tech Xchange. Resources that include the County Technology Guide on Cyber for county leaders and the NACo cyber priorities.