We are InfoSec: members of the Information Security team at KAUST IT.
Our mission: To enable you to be a Human Firewall by shielding yourself, your family and KAUST from today’s cyber attacks.
Cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at this.
Passwords can be compromised if they are short or easy to guess, such as a pet’s name or the name of your favorite car. Remember that the more characters your password has, the stronger it is and the harder it is for an attacker to guess. Since long, complex passwords can be difficult to remember, you can create strong passwords that are easy to remember and type if you use passphrases instead of passwords. A passphrase is nothing more than a sentence or a series of random words.
For example, a passphrase would be:
How cold is today?
Notice how many characters this passphrase has, yet it’s easy to both type and remember.
In addition to creating strong passwords, be careful how you use them.
Here are several key steps that will protect your passwords…
Passwords or Passphrases: How can you be secure?
Use a different, unique password for each of your accounts.
That way, if one of your accounts is hacked and your password is compromised, your other accounts are still safe.
Can’t remember all of your passwords?
Consider using a password manager for your personal accounts. Password managers securely store all of your passwords for you. You only need to remember the password to your password manager.
Note: KAUST does not have an official password manager.
When possible, use 2 Factor Authentication. Like DUO 2 Factor Authentication, many online accounts offer two-step verification. This is where you need more than just your password to log in, such as codes sent to your smartphone or codes generated by a token. Whenever possible, enable stronger authentication methods like these. Two-step verification is one of the most effective steps you can take to protect your accounts.
Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password, it is no longer secure.
Do not use public computers, such as those at hotels or public libraries, to log in to sensitive accounts, such as those at work or your online bank account. Since anyone can use these computers, they may be infected with malware that captures all of your keystrokes. Only log in to sensitive accounts from trusted computers or mobile devices you control.
Finally, be careful of websites that require you to answer personal questions. These questions are used if you forget your password and need to reset it. The problem is that the answers to these questions can often be found on the Internet. If you answer personal questions, make sure you use only information that is not publicly known.
DON’T GET INFECTED
One of the most common ways passwords get compromised is by getting your computer infected. Cyber attackers have developed malware that silently captures and logs all of your keystrokes once it infects your computer, including all of your logins and passwords. It does not matter how strong or long your password is; if someone can monitor all of your keystrokes, they can steal your account information.
This article was developed by KAUST’s Information Security Team using material provided by SANS Security Awareness – SANS Institute 2019.
For more information, please contact us at: askinfosec@kaust.edu.sa.