Password Handling

  • Use a passphrase of several random, unrelated words (over 20 characters in total). Let a generator or dice pick the words, not your own head: a phrase chosen that way is both strong and easy to remember
  • or use a password manager like Bitwarden, 1Password, or LastPass to generate long random passwords and to store them, so the only secret you have to remember is one strong master passphrase
  • Don't reuse passwords. An attacker who obtains your password from a website with weak security can then try it against all your other accounts
  • Use 2FA (two-factor authentication, "something you have") like Duo, Google Authenticator, etc. in addition to your password. If an attacker obtains your password, they still don't have your 2FA token and can't access your account. Note that a one-time code can still be phished along with the password; where a site supports it, a hardware security key (FIDO2/WebAuthn) is the strongest option because it only answers the real site
  • Avoid SMS-based 2FA. An attacker can talk your carrier into moving your number to their SIM ("SIM swapping"), and carriers and the phone network itself have weak security
  • NEVER share your password with anyone! Not even if you get a call from "IT" saying "We're verifying your password, is it ABCXYZ?" (this is an old trick that still works very well, and works just as easily for payment details). What about your significant other? Ideally, if the platform supports multiple users, each of you should create your own account (e.g. Netflix, Nest, etc. all support and encourage separate accounts). If you must share, share the entry from your password manager, where each of you has your own password manager account
  • Never write passwords down where others can find them (sticky notes, an unencrypted file on your computer). A random-word passphrase shouldn't be hard to remember if you follow the first point above, and everything else belongs in the password manager
  • Sign up for breach notifications for your email addresses: https://haveibeenpwned.com/
  • Was your password lost in a website breach? The company claims it was stored correctly (hashed, not merely encrypted)? Still assume you can never use that password again: offline cracking only gets cheaper as hardware improves, and many sites use fast or unsalted hashes that fall in seconds. Eventually that password will be recovered and added to cracking wordlists, and attackers then try every known password against every major site with automated tools ("credential stuffing")
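The first point above talks about passphrases in terms of character count, but what actually makes a random-word phrase strong is how many equally likely phrases the attacker has to try. The following added example (my own code, not part of the original page) generates a passphrase with a cryptographically secure random source and computes the entropy it carries. The 32-word list is constructed for the demo; a real generator should use a large published list such as the EFF long list (7,776 words), whose size is assumed here for the arithmetic.

```python
import math
import secrets

# Constructed demo word list (32 words, all at least 5 letters). A real
# generator should use a large published list such as the EFF long list
# (7,776 words) so each word adds about 12.9 bits of entropy instead of 5.
WORDLIST = [
    "apple", "basket", "candle", "dragon", "eagle", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "marble", "needle", "orbit", "pepper",
    "quartz", "rocket", "saddle", "timber", "uncle", "violet", "walrus", "yellow",
    "zipper", "anchor", "bridge", "cactus", "desert", "engine", "falcon", "glacier",
]


def generate_passphrase(words, count, separator="-"):
    """Join `count` words picked uniformly at random with a CSPRNG.

    secrets.choice is used instead of random.choice: the `random` module is
    a Mersenne Twister, which is predictable once an attacker sees its output.
    """
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count):
    """Entropy of `count` words drawn uniformly from `wordlist_size` words."""
    return count * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def meets_length_rule(phrase, min_chars=20):
    """The page's 'over 20 characters' rule of thumb, as a sanity check."""
    return len(phrase) >= min_chars


if __name__ == "__main__":
    n = words_needed(len(WORDLIST), 80)
    phrase = generate_passphrase(WORDLIST, n)
    bits = passphrase_entropy_bits(len(WORDLIST), n)
    print(f"{phrase}\n{n} words from {len(WORDLIST)} = {bits:.1f} bits, "
          f"length rule ok: {meets_length_rule(phrase)}")
```

The length rule and the entropy rule diverge: six words from the 7,776-word list give about 77 bits, while sixteen words from the tiny demo list are needed for 80 bits even though the result is far longer. Pick the list size first, then the word count.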
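The last two points, breach notifications and never reusing a leaked password, can also be checked directly: Have I Been Pwned publishes a "Pwned Passwords" corpus that is queried by sending only the first five hex characters of a password's SHA-1, so the password itself never leaves your machine. The following added example (my own code, not the page's or the service's) implements that client-side k-anonymity logic. It runs offline against a constructed stand-in for the range response: the first suffix is the real SHA-1 tail of the string "password", but the hit count and the other two lines are made up for the demo. In production `fetch_range` would GET https://api.pwnedpasswords.com/range/<prefix> and return the body.

```python
import hashlib


def sha1_upper_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """k-anonymity split: only the 5-character prefix is sent to the service."""
    digest = sha1_upper_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping junk lines."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.strip().upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range) -> int:
    """How often `password` appears in the breach corpus (0 = never seen).

    `fetch_range(prefix)` must return the response body for that prefix.
    The local suffix is matched against the returned list, so the service
    learns only the prefix shared by roughly 1/2^20 of all passwords.
    """
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed offline stand-in for the API (assumption: real responses have
# the same SUFFIX:COUNT shape). The first suffix is the genuine SHA-1 tail
# of "password"; its count and the other two lines are invented.
FAKE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
        "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
    ]),
}


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP call; unknown prefixes return an empty body."""
    return FAKE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ["password", "walrus-lantern-glacier-saddle-orbit"]:
        print(f"{pw!r} seen {pwned_count(pw, offline_fetch_range)} times")
```

Any non-zero count means the password is already in attackers' wordlists and should be retired even if you have never had a breach notice for that account; this is also the check a password manager runs when it flags "compromised" entries.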