Essential Guide to Strong Passwords

Uploaded by

kavyaluthra15

Cyber security

Password
• A password is a word, phrase, or string of characters intended to differentiate an authorized user or process (for the purpose of permitting access) from an unauthorized user. Put another way, a password is used to prove one's identity or to authorize access to a resource. It is strongly implied that a password is secret. A password is usually paired with a username or another mechanism to provide authentication.
What is a good password?
You might think the answer to this question would be very subjective, but that is far from the case. In the simplest terms, a good password is one that is difficult to crack. The stronger your password, the better it protects your accounts from hackers and other malicious actors. A strong, reliable password can sometimes take millions of years to crack, which means attackers are less likely to even try.
• When you are thinking of good password ideas, keep the following criteria in mind:
• The password should be at least 12-15 characters long.
• It should use a combination of letters, numbers, and special characters. Spaces are also allowed.
• It should not be a common word, product, character, name, or anything you can easily find in a dictionary.
• It should be a combination that only you know and that others could not easily predict. We will cover some creative password ideas shortly.
• Each password should be unique and you shouldn't reuse them for
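The criteria above can be turned into a mechanical check. The following Python is an added example, not code from the original presentation: it tests length, character classes, membership in a common-password list (the list here is a constructed stand-in for a real breach corpus), sequential runs such as 1234, and reuse against a caller-supplied set of passwords already used elsewhere. The 12-character minimum and the helper names are this example's own choices.

```python
import re

# Constructed stand-in for a real common-password / dictionary list
# (assumption: a deployment would load a large breach corpus instead).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "welcome", "admin",
    "iloveyou", "superman", "batman", "joker",
}

MIN_LENGTH = 12  # the page's "at least 12-15 characters"


def has_sequential_run(pw: str, run: int = 4) -> bool:
    """True if any `run` consecutive characters step up or down by exactly
    one code point, which catches 1234, 6789, abcd and dcba."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw: str, previous=frozenset()) -> list:
    """Return the list of criteria the password violates; an empty list
    means it satisfies every criterion on the page. `previous` holds
    passwords already used on other accounts (for the reuse rule)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "letters": re.search(r"[A-Za-z]", pw),
        "digits": re.search(r"\d", pw),
        "symbols": re.search(r"[^A-Za-z0-9\s]", pw),  # spaces are allowed
    }
    missing = [name for name, found in classes.items() if not found]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Strip digits/symbols so a decorated dictionary word ("Superman1!")
    # is still recognised as the dictionary word underneath.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if pw.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("is a common password or a decorated common word")
    if has_sequential_run(pw):
        problems.append("contains a sequential run such as 1234 or abcd")
    if pw in previous:
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Superman1!", "9Sp!dErscalKetobogGaN"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The "decorated common word" test matters in practice: a filter that only compares the raw string lets "Superman1!" through even though it is a single dictionary word with two characters appended, which is exactly the pattern a dictionary attack with simple mangling rules tries early.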
What is a weak password?
• Weak passwords consist of sequential letters or numbers, are fewer than eight characters long, or use common words and phrases. The most popular passwords are well known to malicious actors and are usually what they try first.
• According to NordPass' annual list of the top 200 most common passwords, "123456" and "password" are the most commonly used and most vulnerable passwords. Another example of a weak password would be the name of a fictional character like "Superman," "Batman," or "Joker."
Examples of bad passwords
Why Choosing a Secure Password Is So Important

• Use two-factor authentication (2FA).
2FA is an additional security measure that requires you to provide more than your password alone. This can be an assigned personal identification number (PIN), a code sent to your email or mobile phone, or a fingerprint or voiceprint. Though not available for all accounts and devices, you should use 2FA whenever possible to further protect your information.
• Incorporate numbers, symbols, and uppercase and lowercase letters.
Hackers use programs that cycle through the most common and simplest passwords in use. Because of this, your password should include a combination of letters, numbers, and symbols to increase its complexity. The more complex the password, the safer it is.
least eight characters in length.
Sometimes, hackers use a brute-force method to gain access to your accounts and devices. However, the longer your password, the less likely this threat is to succeed. Complex, lengthy passwords take too much time to crack, so attackers are less likely to target them.
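The claim that length defeats brute force can be quantified. This Python is an added illustration, not part of the original slides: it computes the search space, the entropy in bits, and the worst-case time to exhaust every candidate for several alphabet sizes and lengths. The guess rate of ten billion per second is an assumption chosen for illustration (it stands in for an offline attack against a fast hash); the charset sizes are the usual 26/52/62/95 printable-ASCII counts.

```python
import math

# Assumption: an illustrative guess rate for an offline attack against a
# fast, unsalted hash. Real rates depend on hardware and hash algorithm.
GUESSES_PER_SECOND = 1e10

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes for the character classes the page recommends combining.
CHARSETS = {
    "lowercase only": 26,
    "lower + upper": 52,
    "letters + digits": 62,
    "letters + digits + symbols": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` drawn from the alphabet."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Bits of entropy for a uniformly random password of this shape."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate; the expected time to a hit
    is half of this."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def comparison_table(lengths=(8, 12, 16)) -> list:
    """Rows of (charset name, length, bits, years) so the effect of length
    versus alphabet size can be read side by side."""
    rows = []
    for name, size in CHARSETS.items():
        for n in lengths:
            rows.append((name, n, round(entropy_bits(size, n), 1),
                         years_to_exhaust(size, n)))
    return rows


if __name__ == "__main__":
    for name, n, bits, years in comparison_table():
        print(f"{name:28s} len {n:2d}: {bits:6.1f} bits, {years:12.3g} years")
```

One result worth reading off the table: twelve lowercase letters (about 56 bits) carry more entropy than eight characters drawn from the full 95-symbol alphabet (about 53 bits), so adding a few characters of length does more than adding symbols to a short password. These figures assume the password is chosen uniformly at random; a dictionary word with substitutions has far fewer effective bits than its length suggests.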
• Use an abbreviated phrase or saying for your password.
Choosing a password that is easy to remember makes sense, and it can often be done safely. Pick a phrase that is memorable to you, and then create a secure password around it. For instance, the phrase "cup of joe" could be abbreviated to (uP!0F*J03#.
• Change your password regularly.
The longer you use the same password, the greater the risk that it will become compromised. Update all your account and device passwords periodically and make sure the new password is completely different from the original. Recycling old passwords increases the likelihood of a successful cyberattack.
10 approaches to keep your password safe
Keep a strong password
• Always create a password with a length of between eight and twenty characters, using as many characters as you can; this is a very effective way to keep your password safe. If you can, use a blend of symbols, numbers, and upper- and lower-case letters. This will make your password difficult to crack.
Do not use the same password on different platforms
• Remember, when creating a new account or a new ID, do not use the same password you have for your e-mail or other online platforms. It is possible that you already have the same password for dozens of different websites. The first step now is to fix that and not to use the same password again. This will protect your data from being leaked.
Create untraceable passwords
• Avoid using words, phrases, and numbers that relate to you when creating a new password. This kind of information can easily be discovered from your social media. For example, most people use their birthday, anniversary date, pet's name, or baby's name for a password. All these could become
Do not write down your password
• To keep all your passwords safe, it is recommended never to store a password on the internet. Storing your passwords in Excel can be a threat too. Instead, save your passwords in a password management tool; it is by far the easiest and most secure way to keep them safe.
Always remember to log out
• You are probably used to logging on to different devices all the time, such as your personal PC or smartphone. This way you might end up remaining logged in on many digital devices around you, which is not safe because others may pick up your device and use your identity easily. Therefore, signing out whenever you switch devices is necessary; doing so will help protect your data, and it will help you memorize your password.
Change your password regularly
• Don't worry, we are not saying that you have to change your passwords every month or every 90 days, but it is an effective practice. Whenever you suspect that your passwords might have been exposed, or you receive any notice that they have, it is recommended to change them.
Do not use autosave
• Do you recall that each time you log in to a website, your browser offers to store the password? Well, this might not be safe for you. These prompts often contain an autosave option that you may want to untick to avoid saving your password routinely, or on unknown devices.
Do not permit all notifications
• Remember, when you are installing a new app or piece of software, it often prompts for your permission to access things such as photo albums, your contact list, notifications, etc. Most of the time you click the "allow" button, but this can be risky because it might permit unauthorized notification to your devices and
Avoid using public hotspots
• Free is a lure! Avoid connecting to any hotspot that is advertised as free, whether it is at an airport, a hotel, or someone's house. Always verify a new Wi-Fi network before connecting to it. Another safe option is to use a VPN to make sure your traffic is encrypted.
Remove all records when changing to a new device
• When you are changing to a new device, whether it is a computer or a smartphone, remember that anyone who holds your old device might have access to the passwords stored on it. To avoid such problems, always log out and remove all the records from your old devices before getting rid of it or
How to create strong passwords
• Cyber criminals know that most people create passwords that are easy to remember and often reuse the same password across multiple accounts. Because of this, all it takes is breaking into one account to quickly access the rest of them.

1. Do not use sequential numbers or letters
1234, qwerty, jklm, 6789, etc., are some of the first passwords that bad actors will test.
2. Do not include your birth year or birth month/day in your password
Cyber criminals can easily find this information by snooping through your social media accounts.
3. Use a combination of at least eight letters, numbers, and symbols
The longer your password and the more character variety it uses, the harder it is to guess. For example, M0l#eb9Qv? combines upper- and lowercase letters, numbers, and symbols, making a unique and hard-to-guess password.
4. Combine different unrelated words in your password or passphrase
This practice makes it difficult for cyber criminals to guess your password. Do not use phrases from popular songs, movies, or television shows. Use three or four longer words to create your passphrase. For example, 9Sp!dErscalKetobogGaN.
5. Do not use names or words found in the dictionary
Substitute letters with numbers or symbols to make the password difficult to guess, or deliberately use spelling errors in the password or passphrase. For example, P8tty0G#5dn for "patio garden."
6. Use a password manager to store your passwords
Do not write your passwords down or keep them in a document on your computer. Make sure you use the password manager tool the IT/support team provided to store all professional and personal passwords.
Additionally, never share your passwords with anyone. This includes your colleagues, the IT/support team, customer service/helpdesk personnel, family members, and friends.
7. Do not reuse your passwords
Every device, application, website, and piece of software requires a unique and strong password or PIN. Remember, if a cyber criminal does guess one of your passwords, they will use it to attempt to break into all of your personal and professional accounts.
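Step 4 (several unrelated words) is the one that is easiest to automate well, because the word choice can be left to a cryptographic random source rather than to a human's habits. The Python below is an added example, not from the original slides: it draws distinct words from a wordlist with `secrets.SystemRandom`, capitalises one, and appends a symbol and a number so every character class from step 3 is present. The 24-word list is a constructed toy (assumption); a real generator would use a large published list such as a diceware list, and `passphrase_bits` shows why that matters.

```python
import math
import secrets

# Constructed toy wordlist (assumption). A real generator would draw from a
# large published list (e.g. a diceware list of several thousand words);
# with only 24 entries this toy gives far less entropy than that.
WORDLIST = [
    "spider", "toboggan", "scallop", "kettle", "lantern", "marble",
    "orchard", "pelican", "quarry", "ribbon", "saddle", "thimble",
    "umbrella", "velvet", "walnut", "yonder", "zephyr", "anchor",
    "blanket", "cactus", "dolphin", "engine", "falcon", "glacier",
]

SYMBOLS = "!@#$%^&*?"  # deliberately excludes '-', which is the word separator
SEPARATOR = "-"


def generate_passphrase(n_words: int = 4, rng=None) -> str:
    """Join `n_words` distinct randomly chosen words, capitalise one of them,
    and append a symbol and a two-digit number so the result contains every
    character class the page asks for. `rng` defaults to the OS CSPRNG."""
    rng = rng or secrets.SystemRandom()
    words = rng.sample(WORDLIST, n_words)        # distinct, unrelated words
    idx = rng.randrange(n_words)
    words[idx] = words[idx].capitalize()
    return SEPARATOR.join(words) + rng.choice(SYMBOLS) + str(rng.randrange(10, 100))


def passphrase_bits(n_words: int, wordlist_size: int = len(WORDLIST)) -> float:
    """Entropy contributed by the word choice alone (the symbol and number
    add a little more). Bits grow linearly with the number of words."""
    return n_words * math.log2(wordlist_size)


def split_passphrase(pp: str):
    """Inverse of generate_passphrase: (words, symbol, number). Useful for
    checking generator output in tests."""
    words_part, symbol, number = pp[:-3], pp[-3], pp[-2:]
    return words_part.split(SEPARATOR), symbol, number


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"4 words from this toy list: {passphrase_bits(4):.1f} bits")
    print(f"4 words from a 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
```

Using `secrets.SystemRandom` rather than the default `random` module is the point of the design: the page's advice is that the words be ones an attacker cannot predict, and a generator seeded from a predictable source would undo that. Four words from a 7776-word list give roughly 52 bits from the words alone; four from this toy list give under 19, which is why the list size, not the decoration, decides the strength.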

Bonus: Be aware of phishing emails, smishing texts, and vishing calls that ask for your password information.
In the latest Gone Phishing Tournament hosted by Fortra's Terranova Security, over 60% of participating end users submitted their passwords after clicking the phishing link.
Sobering data, showing that cyber security starts with your end users.
Information not to include in passwords
When updating or creating new passwords, please do not include the following information:
• Your pet's name.
• Your birthday or that of family members.
• Any words related to your hobby, job, or interests.
• Part of your home address, including city/town, street, house/apartment number, or country.
• Your name or the name of a family member.
• Cyber criminals research their victims online, looking for clues that can help them guess your password. They will use any clues about you, where you live, your interests, and your family to guess your password strategically.
• If any of your passwords use information linked to you personally, please take a few minutes to update them following our strong password best practices.
Tricks to remember strong passwords
Now, with all these tips telling you to create different strong passwords for your many accounts, you may be asking how in the world you will remember them all. Here are some tips for remembering strong passwords.
• Use a phrase or sentence instead of a word: This is one of the most effective ways to create a strong password that is easy to remember. Instead of using a single word, try combining a few words to create a phrase or sentence.
• Try making your password poetic: Think of a poem that you have memorized or that has strong meaning for you. Take a line from it and use that as your password. It's worth noting that you should
Common password attack techniques
• Attackers and malware covet passwords, which allow them to access the desired resource, steal data and identities, and wreak havoc. The combination of poor password practices by users, inadequate password security controls, and automated password-cracking tools increases the risk of password theft or exposure. Here are some common credential exploit tactics:
• Brute force attacks: repeatedly testing passwords, potentially generating millions of random guesses per second from combinations of characters (numbers, letters, and symbols), until one matches. The more mathematically complex a password, the more difficult it is to crack.
• Dictionary attacks: generating password guesses based on words in a dictionary of any language.
• Pass-the-Hash (PtH) attacks: in PtH attacks an attacker does not need to crack the hash to obtain a plaintext password; once captured, the hash itself can be passed through to gain access to lateral systems. A hacker could elevate privileges simply by stealing RDP credentials from a privileged user during an RDP session.
• Pass-the-Ticket (PtT) and Golden Ticket attacks: similar to PtH, these involve copying Kerberos tickets and passing them on for lateral access across systems. A Golden Ticket attack is a variation of pass-the-ticket involving theft of the krbtgt account's credentials on a domain controller, which are used to encrypt ticket-granting tickets (TGTs).
• Shoulder surfing: observing passwords (either electronic or hard copy) as they are being entered.
• Social engineering password attacks: attacks such as phishing and spear phishing that trick people into revealing information that can be used to gain access.
By implementing password management best practices, such as via an automated tool, these attacks can be largely deflected or mitigated.
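Brute-force and dictionary attacks leave a recognisable trail in authentication logs, and the two shapes they take are worth telling apart: many failures against one account from one source (classic brute force), versus one or two failures against many accounts from one source (password spraying, which is designed to stay under per-account lockout). The Python below is an added defender-side example, not part of the original slides. The log lines are constructed in the style of OpenSSH `auth.log` entries using documentation IP ranges; the thresholds (5 failures, 3 distinct users) are assumptions to be tuned per environment.

```python
import re

# Constructed sample in the style of OpenSSH auth.log entries (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 bastion sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  1 10:00:02 bastion sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  1 10:00:03 bastion sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  1 10:00:04 bastion sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar  1 10:00:05 bastion sshd[1005]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar  1 10:00:06 bastion sshd[1006]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Mar  1 10:01:00 bastion sshd[1010]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Mar  1 10:01:01 bastion sshd[1011]: Failed password for bob from 198.51.100.7 port 41001 ssh2
Mar  1 10:01:02 bastion sshd[1012]: Failed password for invalid user carol from 198.51.100.7 port 41002 ssh2
Mar  1 10:01:03 bastion sshd[1013]: Failed password for dave from 198.51.100.7 port 41003 ssh2
Mar  1 10:02:00 bastion sshd[1020]: Failed password for erin from 192.0.2.9 port 42000 ssh2
Mar  1 10:02:05 bastion sshd[1021]: Accepted password for erin from 192.0.2.9 port 42001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_auth_log(text: str):
    """Yield one dict per password-authentication line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(text: str, fail_threshold: int = 5, spray_users: int = 3) -> dict:
    """Group events by source IP and label each source.

    'password spraying' : failures spread over >= spray_users accounts, at most
                          two attempts each (the pattern that evades lockout)
    'brute force'       : >= fail_threshold failures concentrated on few accounts
    'normal'            : anything else (e.g. one typo followed by a login)
    success_after_failures flags a login that followed failures from the same
    source, the case that deserves the fastest response.
    """
    per_ip = {}
    for ev in parse_auth_log(text):
        s = per_ip.setdefault(ev["ip"], {"failures": 0, "per_user": {},
                                         "success_after_failures": False})
        if ev["result"] == "Failed":
            s["failures"] += 1
            s["per_user"][ev["user"]] = s["per_user"].get(ev["user"], 0) + 1
        elif s["failures"] > 0:
            s["success_after_failures"] = True
    for s in per_ip.values():
        distinct = len(s["per_user"])
        if distinct >= spray_users and max(s["per_user"].values()) <= 2:
            s["label"] = "password spraying"
        elif s["failures"] >= fail_threshold:
            s["label"] = "brute force"
        else:
            s["label"] = "normal"
    return per_ip


if __name__ == "__main__":
    for ip, s in analyze(SAMPLE_LOG).items():
        flag = " (login succeeded after failures!)" if s["success_after_failures"] else ""
        print(f"{ip:15s} {s['label']:18s} failures={s['failures']} "
              f"accounts={len(s['per_user'])}{flag}")
```

Per-account lockout alone would miss the 198.51.100.7 case entirely, since no single account exceeds one failure; grouping by source address is what surfaces it. Conversely, a single source with a run of failures followed by an `Accepted` line is the strongest signal in the sample and is the one to page on.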
