Password security email

Welcome to the third letter in my series of information security tips!


It’s time to talk about passwords. You know them. You hate them. We’re stuck with them. I’d be willing to bet that almost all of you have many poor passwords that are duplicated across a whole bunch of sites. Shame on you! Full disclosure: I did, too, until last week, when I went through the entire list and changed old and duplicate passwords in anticipation of this email. So do as I say…


Fortunately, there is a shortcut to good password management. It’s called a password manager! I use one called LastPass. It stores my passwords, protected by one super-strong password that I have written down in a safe place so that I can never forget it. I can retrieve my passwords from anywhere using a web browser or an app on my phone, and it will let me know if I have duplicate passwords, old passwords, passwords that have been compromised online, or other vulnerabilities. It will even generate random passwords for me, and since it can automatically fill in the passwords on websites, it can make the passwords especially strong (and hard to remember).


I strongly recommend using a password manager. LastPass is great, and free. There are other reputable options as well. There’s really no reason not to start using one.


If you do decide to manage your passwords manually, there is a recommended way to produce secure but memorable passwords. Pick a long phrase and create a variation on it. For example, if you start with “A long time ago, in a galaxy far, far away,” you might create the password ALongta@44away. That’s a pretty good password, and you can probably remember it pretty quickly. For more detail on this method and passwords in general, see this link.
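To make the earlier points concrete, here is a small added example (written for this letter, not code from LastPass or any other product) that performs the three checks a password manager runs over your vault: reused passwords, passwords not changed in over a year, and passwords whose estimated strength is low. The vault entries are constructed sample data; the strength estimate is a simple character-class calculation, which is an assumption of this example, not the method any real manager uses.

```python
import math
import string
from datetime import date

# Constructed sample vault (not real credentials): site, password, date last changed.
# "ALongta@44away" is the phrase-derived password from the text above.
SAMPLE_VAULT = [
    {"site": "bank.example", "password": "ALongta@44away", "changed": date(2024, 1, 10)},
    {"site": "shop.example", "password": "Summer2019!", "changed": date(2019, 6, 1)},
    {"site": "forum.example", "password": "Summer2019!", "changed": date(2020, 3, 15)},
    {"site": "mail.example", "password": "password123", "changed": date(2023, 11, 2)},
]

# Character classes and their sizes; the alphabet a guesser must cover grows
# with each class the password actually uses. string.punctuation has 32 symbols.
CHARSETS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]


def estimate_bits(password: str) -> float:
    """Rough strength estimate: length * log2(size of the character classes used).
    Non-ASCII characters are ignored, so this is a floor, not an exact entropy."""
    alphabet = sum(size for chars, size in CHARSETS if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(vault, today, max_age_days=365, min_bits=60):
    """Return the findings a password manager would raise. Reused passwords are
    reported as groups of sites, so the report never contains the passwords themselves."""
    by_password = {}
    for entry in vault:
        by_password.setdefault(entry["password"], []).append(entry["site"])
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    old = [e["site"] for e in vault if (today - e["changed"]).days > max_age_days]
    weak = [e["site"] for e in vault if estimate_bits(e["password"]) < min_bits]
    return {"reused": reused, "old": old, "weak": weak}


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, date(2024, 6, 1))
    for finding, sites in report.items():
        print(f"{finding}: {sites}")
```

With the sample vault, the shared "Summer2019!" is flagged as reused and old, "password123" falls below the strength threshold, and the phrase-derived password passes every check.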


Another security feature you should be aware of is two-factor authentication. This means you need a password as well as another way to authenticate. This may be signing in from a known computer or receiving a code on a known email address or phone number. While this can be a hassle, it is definitely worthwhile on your critical accounts. Two-factor authentication is now mandatory on many financial accounts, in fact. You can often turn on two-factor authentication for accounts such as Google, PayPal, and eBay, for example. It will be an option in the settings, and you should seriously consider enabling it.


United States Computer Emergency Response Team

