Mastering Password Hygiene: Your Key to Online Security

A stolen trove of passwords released on the Dark Web has been analysed, and it reveals a dangerous trend in how Aussies choose their passwords.

As members of Cyber Heroes, you already know the wisdom in choosing a long, unique, sophisticated password, but it seems that thousands of Australians missed the memo this year.

To demonstrate this, here's the Top 5 list of stolen passwords, which is full of extremely simple and predictable options, along with how long it takes hackers to crack them using readily available software:

  1. 123456 (< 1 Second)
  2. admin (< 1 Second)
  3. password (< 1 Second)
  4. 1234 (< 1 Second)
  5. qwerty123 (< 1 Second)

If any of these are on your password list, hopefully we've got your attention. And don't worry, as we're going to walk you through how you can clean things up!

And that means talking about Password Hygiene.

What is Password Hygiene?

It refers to the set of practices and habits individuals and organisations adopt to ensure the security and cleanliness of their passwords.

Just as personal hygiene involves routines to maintain cleanliness and health, password hygiene involves routines and best practices to maintain the security and integrity of passwords.

It encompasses various actions and behaviours aimed at protecting accounts and sensitive information from unauthorised access and cyber threats.

Here are 7 examples of good password hygiene practices:


Use Strong and Unique Passwords

Create passwords that are long, complex, and difficult to guess. Avoid using common words, phrases, or easily guessable information like birthdays. A strong password typically includes a mix of upper and lower-case letters, numbers, and special characters.


Avoid Using Easily Guessable Information

Do not use easily accessible or publicly available information such as your name, username, or common words as part of your password. Attackers often use automated tools that can quickly guess these types of passwords.


Use a Passphrase

Consider using a passphrase, which is a longer sequence of random words or a sentence. Passphrases can be both strong and memorable. For example, "I like brown dogs" can become !L!keBr@wnD@g5. You can adopt your own 'code' for passphrases that are easy for you to remember, but nobody else will have a clue.


Enable Multi-factor Authentication (MFA)

Whenever possible, enable MFA for your online accounts. MFA adds an extra layer of security by requiring you to provide something you know (your password) and something you have (e.g., a smartphone or hardware token) to log in.


Don't Reuse Passwords

Avoid using the same password for multiple accounts. If one account is compromised, it can put all your other accounts at risk. Use a password manager such as 1Password to help you keep track of unique passwords for each account.


Regularly Update Passwords

Change your passwords periodically, especially for critical accounts. This can help protect against unauthorised access, particularly if a password has been compromised in a data breach. We recommend changing passwords every three to six months.


Use a Password Manager

Consider using a password manager such as 1Password to generate, store, and autofill your passwords. Password managers can help you create and manage strong, unique passwords for each of your accounts, making it easier to maintain good password hygiene.
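Several of the practices above can be checked automatically. The following is an added example, not part of the original article: a small Python audit that flags passwords on the Top 5 list, passwords containing personal details, and passwords reused across accounts. The 12-character minimum, the three-character-type threshold, and the sample accounts are assumptions constructed for illustration.

```python
import re

# The five most common stolen passwords listed earlier on this page.
COMMON_PASSWORDS = {"123456", "admin", "password", "1234", "qwerty123"}
MIN_LENGTH = 12  # assumption: the page says "long" but gives no number
MIN_TYPES = 3    # assumption: at least 3 of the 4 character types below
CHAR_TYPES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def audit_accounts(accounts, personal_terms):
    """Return {account: [problems]} for a dict of {account: password}."""
    # Map each password to the accounts using it (reuse check).
    usage = {}
    for account, password in accounts.items():
        usage.setdefault(password, []).append(account)

    report = {}
    for account, password in accounts.items():
        problems = []
        lowered = password.lower()
        if lowered in COMMON_PASSWORDS:
            problems.append("on the common-password list")
        if len(password) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        if sum(bool(re.search(t, password)) for t in CHAR_TYPES) < MIN_TYPES:
            problems.append(f"uses fewer than {MIN_TYPES} character types")
        for term in personal_terms:
            # Skip very short terms so they do not match by accident.
            if len(term) >= 3 and term.lower() in lowered:
                problems.append(f"contains personal detail '{term}'")
        others = sorted(a for a in usage[password] if a != account)
        if others:
            problems.append("reused on: " + ", ".join(others))
        report[account] = problems
    return report


# Constructed sample data, not real credentials. The last entry is the
# passphrase format shown on this page; never use a published example.
SAMPLE_ACCOUNTS = {
    "bank": "qwerty123",
    "email": "Sam1990!",
    "shopping": "Sam1990!",
    "streaming": "!L!keBr@wnD@g5",
}
SAMPLE_PERSONAL = ["Sam", "1990"]  # hypothetical name and birth year

if __name__ == "__main__":
    for name, found in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items():
        print(name, "->", found or "no problems found")
```

Run it only on a device you trust, and never save real passwords in a script or text file.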

In addition to these practices, it's essential to stay vigilant for phishing scams and other social engineering attacks that attempt to trick you into revealing your password or other sensitive information.

By following good password hygiene practices and being cautious online, you can significantly enhance your digital security.

Don't be 'too busy' to clean up your password situation. Start with your most important accounts (such as banking and email) and commit to changing 3 a day for the next month!