For this year’s Cyber Smart Week, CERT NZ (now part of NCSC) are pushing for good password hygiene, as well as the adoption of Multi-Factor Authentication (MFA). 

Let’s start with the password hygiene:  

Don’t reuse your passwords  

This is the most important. Attackers often try passwords leaked in previous breaches against other services. So, if you use your old LinkedIn password to protect your email as well, an attacker could easily get in. Earlier this year, a trove of more than ten billion passwords was released, and there are many more than this. 

You can check if some of your accounts have been compromised using sites like Have I been pwned? This is an excellent and free service we recommend. Many password managers also do this for you.  

Use complex and/or long passwords that are difficult to guess 

Attackers know of most used passwords: 123456, qwerty or password are not good passwords. Nor is your birthday, your pet name, or anything that is easily accessible on your social media. This is why many sites are forcing you to choose complex passwords to avoid this situation.  

Using passphrases is also a good option, and sometimes easier to remember. This could be something like: “These 3 white horses like music!” 

Whatever your password, remember the first rule: Do not reuse it! 

Bonus tip: Use a password manager 

Use a password manager to help you generate ransom passwords and save them for you. Here at Effect we use Bitwarden (it’s free for personal use), but there are many other options.