The first video of the video series is on passwords. The key points mentioned, if implemented throughout the organization can dramatically reduce risk of compromise. There are key takeaways stated at the end of the video, but there are some more subtle points as well:
- Use a password manager. They are many to choose from and some are free. A password manager can assist in automating the fixes to the below mentioned threats.
- Don’t write or print passwords on paper or in unsecured digital files. For example, a sticky note with the password on the backside of a laptop or a list of passwords in an unprotected excel sheet.
- Use long, random, but memorable passwords – also known as passphrases. For example, “Cherry Wire Sparking!”
- Don’t use the same password everywhere. Try to use unique passwords everywhere you login. If one website or company gets hacked, and the passwords are leaked, then all accounts using that same password are at risk.
- Where possible, use multi-factor authentication (MFA). If a password is known, then the second (or third) “factor” of authentication is an additional layer of protection. A good resource for checking if MFA is available on different services is https://twofactorauth.org/
- Finally, properly destroy your sensitive data properly.