Fort Belvoir, VA --
It’s that time of year again, when people, including myself, make resolutions for the new year. Lose weight, exercise more, spend less; the list goes on. After reviewing the passwords for my various apps and accounts following our family’s recent cell phone upgrade, I think I need to add one more resolution to that list: strengthening my passwords.
When I got home after upgrading my cell phone, I made a list of the passwords for my apps that I had to re-enter because I had forgotten them. I took one look and gasped at how lame they were. While you’d have to know me to guess my passwords, my passwords would be horrible by the standards recommended by the DLA Cyber Emergency Response Team Fusion Cell.
I did some reading about setting up passwords and what constitutes a strong or weak password. What I found was astounding. A November 2020 report by NordPass, a password manager, showed the most common password, “123456,” was used by 2.5 million people and exposed 23 million times in data breaches. “123456789” came in second place, used by 961,000 people and exposed 7.8 million times in data breaches. According to NordPass, “picture1” is a new weak password that came in third place.
I knew my passwords were weak, but thank goodness they’re not that bad.
Later that night, my husband and I were talking, and after lamenting over my apparent inability to remember passwords, I asked him how he seemed to remember his with little problem.
He told me about a program he listened to on security that gave advice for setting passwords. The host said to come up with a sentence or two that you can remember, for example, “I hate having to change my password all the time.” Then take the first letter of each word in the sentence, and intersperse numbers, symbols, or whatever you need to reach the minimum number of characters required for that password. “It has made my life much easier,” he said.
It was genius. Updating and strengthening my passwords is now one of the items at the top of my to-do list when I have time over the holidays. I’ll be encouraging my family to do the same.
The DLA CERT Fusion Cell notes that passwords are required to be complex for DLA user accounts and are rarely used without two-factor authentication (such as entering a code sent by text message) to ensure secure access. They recommend that DLA users implement strong passwords at home and use two-factor authentication whenever possible.
KeePass is a password manager to help keep track of passwords at home and at work. You can find it in the DLA Software Center, and on the web for personal use.
I hope you make strengthening your passwords a resolution as well.