The Cybersecurity & Infrastructure Security Agency (CISA) urges everyone to create strong passwords and engage in password management.
CISA has the following tips for passwords and password management (from the CISA website):
- Use a long passphrase with 12 or more characters. Use the longest password or passphrase permissible. For example, you can use a password manager or passphrase such as a news headline or even the title of the last book you read.
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
- Keep your passwords on the down low. Do not tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or by phone. Every time you share or reuse a password, it chips away at your security by opening more ways in which it could be misused or stolen.
- Use unique passwords. Having different passwords for various accounts helps prevent cybercriminals from gaining access to these accounts and protects you in the event of a breach.
- Use multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other password-required service. Enable MFA by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics (biological measurements—or physical characteristics—that can be used to identify individuals, such as fingerprint mapping, facial recognition, and retinal scans), and/or security keys. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.