Passwords are the key to our entire online identities, but they can be easy for scammers to swipe. Fortunately, there's some simple ways to make your online life more secure. This week we're taking a look at passphrases and multi-factor authentication.

Miss the first part of this course?
Review Week 1 and Week 2.


What's a Passphrase?

A passphrase is a password that contains multiple words or a complete sentence. Unlike a password which uses letters and characters in one word, a passphrase can be harder for malicious actors to guess. Using passphrases instead of a one word password increases the security of your accounts

Passphrase Examples
hen weigh false tiger
rhino aster pickle norway helicopter

More Characters = More Security

The longer a passphrase is, the more resistant to a brute force password attacks it will be. For example, rhino aster pickle norway helicopter will be more secure than catdoggoldfish.

Davidson accounts require 14 character password. We recommend your personal accounts also use passwords at least that long.

Make it Easy to Remember...

It’s important that your passphrase be easy to remember. Your password becomes less secure each time you write it down. T&I recommends not writing your passphrases or passwords down on a sticky note, in a note on your mobile device, or in a Word or Google doc.

Password managers are a safer place to store your information. We'll cover more about these in Week 4.

...but Hard to Guess

While you should be able to easily remember your passphrase, it should not be easily guessed by others.

Avoid using names, common terms, birthdays, number or letter patterns (like qwerty, aaabbb, 12345), or anything an attacker might be able to glean or guess from your social media accounts or other public information.

Use Each Passphrase Once

Avoid reusing passphrases. A common practice by malicious actors is to try compromised username/password combinations on multiple platforms.

For instance, if someone knows your Amazon password, they'll try it on your bank account. It may be convenient to reuse passphrases, but if they are stolen, you could end up with multiple accounts compromised.

✓ Check to See if Your Accounts Are Safe

It's easy to check to see if any of your accounts are involved in a known data breach. Have I Been Pwned is a free and safe service to check to see if you have an account that has been compromised in a known data breach.

If you find your passphrase has been compromised, change it to something new and different that follows these guidelines. If you have other passphrases that are the same or similar, change them, too.


More Layers = More Security

When you use multi-factor authentication, you put more layers of security between your data and scammers who want in.

What is a “factor”?
Something you know, like your password.
Something you have, like your smartphone with the Duo app, or a
hardware key.
Something you are, like your fingerprint.

Why Do I Need to Use Multiple Factors?

Think about your front door. The first factor is the key that unlocks the door knob.

For additional security, and a second factor, you can add a deadbolt or other locking mechanism. Now if your first factor (your key) is stolen, access is prevented by the second lock.

The same goes for your online accounts. By adding a second factor you can prevent unauthorized access if your first factor (your passphrase) is compromised.

Use More Than One Factor When You Can

We recommend you turn on multi-factor authentication on all accounts that have them available, especially if they have sensitive data.

Davidson user accounts are protected by Duo.

Week 4 Releases October 25
Each week in October we'll release another mini-training to help you become more #cyberaware.