Back to security basics: passwords

As part of National Cybersecurity Awareness Month, we are going back to basics to raise awareness around creating and protecting yourself with strong passwords.

October 4, 2021 by Matthias Wollnik


Using multi-factor authentication, strong passwords, backing up your data and updating your software are great ways to #becybersmart.

Here are some quick tips to maintain cyber hygiene and keep your data protected:

Do not reuse passwords

It's tempting to reuse a password. It makes it easy for you to remember it across all your various accounts, but it leaves you wide open if someone manages to break your password on one site. Next thing you know, that one password gets intruders into all of your personal accounts.

Change your password if a site was breached, but don't change it otherwise.

The old guidance of changing your passwords is generally falling out of favor since it increases the likelihood that you'll reuse passwords (see rule #1). However, if a website lets you know that your account may have been compromised, change your password immediately.

Length over complexity.

A password consisting of 8 randomly-chosen characters is rarely as strong as a collection of 5 words that add up to 20 characters. Ideally, choose a set of memorable words that you can connect in your mind. For example, "peanut smash salt sugar bread yummy," which makes me think of eating a peanut butter sandwich. You can also connect words with symbols or numbers instead of spaces to increase the difficulty.
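The arithmetic behind this comparison, as an added example that is not part of the original post. It assumes every character, word and joining symbol is drawn uniformly at random; the 94-character alphabet, the separator set, the list sizes and the sample word list are assumptions made for illustration.

```python
import math
import secrets

PRINTABLE_ASCII = 94   # assumption: letters, digits and symbols, no space
SEPARATORS = "-_.!0123456789"  # assumption: symbols/digits used to join words
# Constructed sample list; a real generator would load a large published
# word list (Diceware-style lists hold 7,776 words).
SAMPLE_WORDS = ["peanut", "smash", "salt", "sugar", "bread", "yummy", "river",
                "candle", "orbit", "maple", "tiger", "velvet", "anchor",
                "pillow", "rocket", "garden"]

def entropy_bits(pool_size, picks):
    """Bits of entropy in `picks` independent, uniform draws from a pool."""
    return picks * math.log2(pool_size)

def words_needed(wordlist_size, target_bits):
    """Fewest random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def min_wordlist_size(n_words, target_bits):
    """Smallest word list for which `n_words` random words reach the target."""
    return math.ceil(2 ** (target_bits / n_words))

def make_passphrase(wordlist, n_words=5, separators=SEPARATORS):
    """Draw words and joining symbols with a CSPRNG; return (phrase, bits)."""
    wordlist = sorted(set(wordlist))  # duplicates would overstate entropy
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    seps = [secrets.choice(separators) for _ in range(n_words - 1)] + [""]
    phrase = "".join(w + s for w, s in zip(words, seps))
    bits = (entropy_bits(len(wordlist), n_words)
            + entropy_bits(len(separators), n_words - 1))
    return phrase, bits

if __name__ == "__main__":
    eight_chars = entropy_bits(PRINTABLE_ASCII, 8)
    print(f"8 random characters:         {eight_chars:.1f} bits")
    print(f"5 words from a 7,776 list:   {entropy_bits(7776, 5):.1f} bits")
    print(f"5 words from a 1,000 list:   {entropy_bits(1000, 5):.1f} bits")
    print(f"list size where 5 words win: {min_wordlist_size(5, eight_chars)}")
    phrase, bits = make_passphrase(SAMPLE_WORDS)
    print(f"sample: {phrase} ({bits:.1f} bits from this 16-word list)")
```

The figures apply only to words picked at random from the list; the size of the list, not the length of the words, is what sets the strength.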

When possible, always enable two-factor authentication.

With two-factor authentication, whether through an app like Google Authenticator or Okta or via text/SMS, a unique code must be entered along with your password to log in. Always choose the app version over SMS-based two-factor authentication.

Use a password manager.

Even the most memorable passwords become a problem if you need to remember more than a small handful of them. At one point, I remember noting that my password manager had passed 200 stored passwords. No matter what, I would have had to violate rule #1 to remember them all. With a password manager, each of these sites has a unique password. Even organizations use tools like this to store credentials to many resources, especially shared resources. These days, I only have to remember the password to my password manager and my primary password to log into my devices. My password manager also acts as a two-factor authentication app, which makes it so much simpler to follow these best practices and stay secure.
