04-19-2024, 04:22 PM
kingpin75s
Quote:
Originally Posted by NYCfixie
I work in Cybersecurity as well and what I tell friends/family/co-workers is:
- Use a password manager
- Have it create and store the passwords for you (15 characters minimum but the more the better)
- DO NOT use the same password for multiple accounts/services
- Make sure ALL accounts/services are set up for multi-factor authentication
- Your email password should be the STRONGEST password
(because if hackers can get into your email they can often reset passwords for all other accounts/services since most people do not use multi-factor authentication)
- Your password manager should have your second strongest password
- Write your eMail and Password Manager passwords on an index card (yes, I mean paper) and store them safely some place in your home. DO NOT save them anywhere else.


Many commercial password managers can be (or have been) broken. Nothing is perfect. The safest method is to keep everything on paper, locked away at home, and never share with anyone.

Multi-factor authentication is not perfect. Hackers have found interesting ways to get around it (i.e. they can clone your mobile number to receive the multi-factor code you need to authorize yourself to a system after entering the password they have been able to figure out or steal from you).

The point is, most hackers are lazy so if you use a few different methods to protect yourself, hackers will move on and try to terrorize another person who may not have safeguards in place.

Be careful out there.
This all looks like pretty good stuff. Had to see what advice was being given here as NIST guidance was wrong up until about 6 years ago. I had to stonewall auditors for years until guidance finally matched real world experience. Frequent password change requirements of the past have always only led to bad behavior. Length is key and complexity is secondary. 14 or more chars in my book.