Passwords have become a part of everyday life, but the best practices for what makes a good password change over time with the technology landscape. As average compute power increases, the security of short passwords decreases.
A complicated password made up of different types of characters is no longer a secure standard. The best practice is a very long, easy-to-remember password, such as a series of words or phrases that aren’t common. An example would be “Larger.Imagine.Part.12”. This password is 22 characters long; it is easier for a human to remember and hard for a machine to guess or crack.
Multi-factor authentication (MFA) is a key part of account security: it supplements passwords and prevents access in the case of a password breach. Ensure you set up MFA correctly on all your accounts. The University makes MFA mandatory on all accounts. It is good practice to enable it on all services that support it.
Even with all the best practices in place, phishing can still be a threat. Most account breaches now occur due to social engineering and phishing. Ensure you don’t click on links in emails from unknown senders, and only enter your credentials on legitimate sites.
Another good practice is not using the same password in multiple places. A less secure website can be compromised, which can reveal your password online and render it insecure everywhere else you use it. A good way to manage this is to use a password manager. The best way is to pair a password manager with a secure and easy-to-remember passphrase. This allows you to keep the main password for the password manager itself secure. You can then have the password manager generate random, secure passwords for other websites, which prevents one data breach from causing a larger security issue.
Below are some of the password managers that are currently recommended:
- 1Password – https://1password.com/
- Bitwarden – https://bitwarden.com/ (free option available)
- The password vaults now built into browsers (Chrome, Firefox, Edge and Safari).
- The Apple Passwords app, for those who use Apple devices.
It should be mentioned that whilst these recommendations reflect the best current knowledge, things can change quite quickly. It is therefore important that you do your own research on your preferred password manager.

