Strong Passwords – Protect your digital fortress

Welcome to the fourth installment of our 12-month Cyber Security Awareness campaign! This month, we focus on the foundation of our cyber security strategy – strong unique passwords. Your passwords are your first line of defense against unauthorised access to your digital accounts and sensitive data. Weak, easily guessed or repeated passwords compromise your personal digital security and put the University at greater risk of cyber attack.  

Building blocks of a strong password 

A strong password minimises the risk of unauthorised access to your online accounts. Using a unique password for each of your accounts minimises the risk of cyber criminals gaining access to multiple accounts through one compromised password. If you use the same password for your email, bank account and online shopping activities, all it takes is one successful cyber attack on any of those sites for each account to be infiltrated.

Powerfully protective passwords are: 

  • Complex: Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using predictable sequences or easily guessable information, such as birthdates, pet or children’s names or common words. Simple character substitutions like ‘@’ for ‘a’ and ‘3’ for ‘e’ are well known to cyber criminals and won’t do much to increase password security. 
  • Long: Longer passwords are more difficult to guess correctly than short ones. Use a minimum length of 12 characters.  
  • Unique: Avoid reusing passwords across multiple accounts. Every online account you operate should have its own unique password to prevent a security breach on one site from compromising your other accounts. 
  • Random: Generate passwords using random combinations of characters. The more random a password, the more difficult it will be to guess. The National Cyber Security Centre (NCSC) recommends using three random words to generate strong passwords. 
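
As an added illustration (not part of the original post), the Python sketch below builds a three-random-word passphrase from a cryptographically secure random source and shows why the substitutions mentioned above add little: undoing them exposes the common word underneath. The word lists, substitution table and function names are constructed for this example.

```python
import math
import secrets

# Constructed sample data: a real tool would use a word list with thousands
# of entries and a much larger list of common or breached passwords.
WORDS = ["copper", "lantern", "orbit", "meadow", "quartz", "harbour",
         "violin", "thistle", "glacier", "pepper", "saddle", "walnut",
         "ribbon", "falcon", "marble", "cactus"]
COMMON = {"password", "welcome", "letmein", "dragon", "football"}
# Substitutions named in the text ('@' for 'a', '3' for 'e') plus similar ones.
LEET = str.maketrans({"@": "a", "3": "e", "0": "o", "1": "l", "$": "s", "5": "s"})
SUFFIX = "0123456789!?.#*"  # digits and symbols often appended to a base word
MIN_LENGTH = 12             # minimum length stated in the text


def three_random_words(words=WORDS, count=3, sep="-"):
    """Build a passphrase from words picked with a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count=3):
    """Entropy in bits when each word is drawn uniformly from list_size words."""
    return count * math.log2(list_size)


def check_password(pw):
    """Return a list of problems found; an empty list means none detected."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = pw.lower()
    # Undo the substitutions, with and without the appended digits and symbols.
    candidates = {lowered.translate(LEET), lowered.rstrip(SUFFIX).translate(LEET)}
    if candidates & COMMON:
        problems.append("common word behind simple substitutions")
    return problems
```

The 16-word sample list gives only 12 bits for three words, while a 7,776-word list gives about 38.8 bits, so the size of the list the words are drawn from matters as much as the number of words.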

Manage your passwords 

Creating strong passwords is an excellent start to securing your online accounts, but there are strategies you can use to further reduce your risk. Password management techniques include: 

  • Regular Updates: Change your passwords periodically, especially for accounts that contain sensitive information or provide access to critical systems. Regularly updating passwords reduces the risk of your accounts being compromised by data breaches or unauthorised access.
  • Multi-Factor Authentication (MFA): Enable MFA (also known as two-factor authentication or 2FA) wherever possible. By requiring additional verification such as a code sent to a mobile device, MFA makes it much less likely that an attacker will access your account even with the correct password. 
  • Secure Storage: Avoid storing passwords in unencrypted files, on paper or sticky notes, or within your internet browser. Consider using a reputable password manager to store your passwords safely.  
  • Vigilance: Remain vigilant against phishing attempts and spoofed websites designed to trick you into entering your password or other sensitive information. 

Complete your Cyber Security Training 

Strengthen your defenses by completing the free training available to all staff and students through the Metacompliance app, accessible directly here: https://universityofstirling.metacompliance.com/ or through Teams along the left-hand side navigation bar.

See the previous posts in this series: 

October 2023 – Introduction to Cyber Security  

November 2023 – Types of Cyber Security Threats 

December 2023 – Social Engineering Threats 

January 2024 – Phishing – Don’t Fall Prey 
