Use Strong Authentication
The security of your online accounts has to be as strong as possible, and account authentication represents the first line of online protection. NCSA recommends applying these three simple steps to ensure that you are as secure as possible when managing access to your online accounts.
Passwords need to be complex sequences of characters so that they are hard for malicious actors to guess.
To create strong passwords or passphrases, NCSA recommends using a random sequence of at least 10 characters that includes upper-case and lower-case letters, numbers and symbols. According to National Institute of Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase possible (8-64 characters) when you can.
Memory techniques such as mnemonics can help you turn a phrase you can remember into a complex sequence of characters. Through mnemonics, a phrase like “I’m at the stadium and watching the game” can become “I@TS+WTG”. Mix lower-case and upper-case characters while adding numbers and special characters to create a strong password such as “i@Ts!+wTg546”. Repeat this process to create unique passwords for each of your accounts instead of reusing any of them. The idea of managing many unique passwords can seem daunting; however, there are password manager programs that can support this process.
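The random-password recommendation above can be automated. The following Python sketch is an added example, not NCSA's own code: it generates a random password containing all four character classes and checks a password against the length, character-class and no-reuse advice. The function names and the passwords_in_use parameter are assumptions made for this illustration.

```python
import secrets
import string

# Policy values taken from the guidance above: at least 10 characters,
# all four character classes, 64 as the upper bound of the NIST range.
MIN_LEN, MAX_LEN = 10, 64
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters do not sit
    # at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def policy_problems(password, passwords_in_use=()):
    """List where a password falls short of the guidance; empty means OK."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length outside 10-64 characters")
    for name, alphabet in CLASSES.items():
        if not any(c in alphabet for c in password):
            problems.append(f"no {name} character")
    # passwords_in_use is a hypothetical list of the user's other passwords.
    if password in passwords_in_use:
        problems.append("already used for another account")
    return problems


if __name__ == "__main__":
    pw = generate_password()
    print(pw, policy_problems(pw))
```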
Automated password change is a security best practice and a necessary step to take for strong authentication. It can be difficult to detect that someone else has access to your account.
Therefore, changing account passwords regularly helps a legitimate user to minimize the risk of unauthorized access attempts to their accounts.
NCSA recommends that users change their passwords every 3 months or less.
Multi-factor authentication is an additional level of security that uses multiple pieces of information to verify your identity. MFA requires at least two (2) identity components to authenticate a user's identity. It is highly advisable to enable multi-factor authentication on all of your accounts where applicable.
MFA identity components include:
Applying these best practices will reduce the risk of an attacker guessing your passwords, but does not guarantee complete protection of your accounts.
For additional best practices, a user should:
02 October 2021
© 2024 National Cyber Security Authority