17 October 2024 Olivier Reuland, Chief Information Security Officer
For this year’s Cyber Smart Week, CERT NZ (now part of NCSC) are pushing for good password hygiene, as well as the adoption of Multi-Factor Authentication (MFA).
Let’s start with password hygiene:
Don’t reuse your passwords
Use complex and/or long passwords that are difficult to guess
Not reusing passwords is the most important. Attackers often try passwords leaked in previous breaches against other services. So, if you use your old LinkedIn password to protect your email as well, an attacker could easily get in. Earlier this year, a trove of more than ten billion passwords was released, and there are many more than this.
You can check if some of your accounts have been compromised using sites like Have I been pwned? This is an excellent and free service we recommend. Many password managers also do this for you.
If one of your passwords has been breached, change it as soon as possible, and change it everywhere else you could have used it.
Attackers know the most commonly used passwords: 123456, qwerty or password are not good passwords. Nor is your birthday, your pet’s name, or anything that is easily accessible on your social media. This is why many sites force you to choose complex passwords.
Using passphrases is also a good option, and sometimes easier to remember. This could be something like: “These 3 white horses like music!”
Whatever your password, remember the first rule: Do not reuse it!
Use a password manager to help you generate random passwords and save them for you. Here at Effect we use Bitwarden (it’s free for personal use), but there are many other options.