Celebrating 20 Years of Cybersecurity Awareness!

WELCOME TO CYBERSECURITY AWARENESS MONTH 2022  

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.  

This year’s campaign theme — “See Yourself in Cyber” — demonstrates that everyone is responsible for their own online behavior. This October we’ll focus on the “people” part of cybersecurity. Each week we will share information and resources to help educate you so you can make smart decisions whether on the job, at home or at school – now and in the future. 

Week 2: Password Management

Welcome to Cyber Awareness Week 2. This week the theme is Password Management. Our goal this week is for you to consider your password hygiene and how you might improve it. Also, we are excited to share our version of a New York Times cyber awareness crossword puzzle. Good luck, and let us know how you do!

Passwords are the key to your online identity. Between work and personal life, the average internet user has dozens of password-protected accounts, if not closer to 100. A recent LastPass survey found that SMB employees use the same password an average of 14 times.

Reused passwords represent a huge risk as someone with access to one set of stolen or compromised credentials could use them to hack into other accounts. To keep your passwords safe from cybercriminals and reduce your cyber risk, see our resources and tips below. 

It is estimated that almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

123456 123456789 Qwerty 12345678 111111
1234567890 1234567 password 123123 987654321
7777777 1q2w3e4r 654321 555555 3rjs1la7qe
Google 1q2w3e4r5t 123qwe zxcvbnm 1q2w3e
Qwertyuiop Mynoob 123123 666666 987654321

Did you know?

53% of people rely on their memory to manage passwords.

51% of people use the same passwords for both work and personal accounts.

57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.

33% of account-compromised victims have stopped doing business with companies and websites that leaked their credentials.

Password Best Practices 

7 Tips to Make Your Digital World Safer 

  • Make passwords that are hard to guess but easy to remember. Use passphrases: a combination of unrelated words totaling twelve characters or more, with mixed types of characters, including upper and lower case.

  • Use a different password for each of your logins. That way, if one account is compromised, at least the others won’t be at risk.

  • Protect your assets and personal identity by using a password manager. We’ve told you to use a different password for each account. How are you going to remember all these long, complex passwords? The answer: a password manager. Not only will it store your passwords, it will keep them organized, generate secure random passwords, and automatically log into websites if you set it up to do so. The best part: you now only need to remember one password!

  • Use multi-factor authentication (MFA). Even the best passwords have limits. Multi-factor authentication adds an additional layer of protection along with your username and password. (See the MFA tips below from last week’s post.)

  • Do NOT share your passwords. You wouldn’t share your ATM login and PIN with anyone, so why would you share your login credentials? Those credentials protect your banking information and a lot more personal information.

  • Do NOT reuse passwords. While it may be convenient to reuse passwords, it is also very risky.

  • Participate in regular cybersecurity awareness. Cybercrime is constantly evolving, becoming more and more sophisticated. It’s important that your cyber knowledge evolves also. Password hygiene education shouldn’t be a one-time thing.  

Activities and Resources

InfraNet Cyber Awareness Crossword Puzzle

#InfraNetCyberAwareness 

Instructions

  • Click a cell on the crossword grid, or click a clue
  • Click twice on a cell to toggle between across and down
  • The active cell is highlighted in blue
  • Start typing in the word
  • Hit enter when you are done typing in the word
  • The word will turn green or red if you got it right or wrong
  • You can use the tab and shift-tab keys to move around the crossword, and the arrow keys

Week 1: Enable Multi-Factor Authentication (MFA)

You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.

Did you know?

81% of breaches are caused by credential theft

99.9% less likely to be compromised if you use MFA

73% of passwords are duplicates

What is MFA? 

Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. Along with a password, users are required to use a second or even a third form of authentication, which can help prevent unauthorized account access if a system password has been compromised.

Passwords and PINs are the most common forms of single-factor authentication. MFA adds a layer of security by requiring two or more pieces of information (that is, multiple factors) during the authentication process.

Why is MFA Necessary? 

In today’s digital world, both businesses and individuals store sensitive information online. A breach or misuse of this digital information can have serious consequences such as financial losses, business disruption, loss of reputation and so much more. According to an often-quoted study by Microsoft Research, “The average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords, and types an average of 8 passwords per day.” 

Credentials remain one of the most sought-after and easiest pieces of information for hackers to steal. Simply put, passwords alone do not provide enough protection for digital assets. With so much at stake, why risk becoming a victim of password theft? Multi-factor authentication offers an additional layer of security between the user and the application/account they are trying to access by requiring two or more separate steps to verify their identity. MFA prevents unauthorized users from accessing these accounts, even when the password has been stolen.

How Does MFA work?

When a user registers an account, they can enable MFA by providing multiple forms of ID. The system then stores this ID and user information to verify the user when they log in to the account. The login is a multistep process that verifies the ID and user information along with the password. The process includes:

Registration

A user creates the account with a username and password (also known as credentials). They then link other items that uniquely identify them such as their cell phone number or email address.  

Authentication

When a user logs into an MFA-enabled account, they are prompted for their username and password (the first factor – what they know), and an authentication response from their MFA device (the second factor – what they have).

If the system verifies the password, it connects to the other items. For example, it may send a numerical code to the cell phone. 

Reaction

The user completes the authentication process by verifying the other items. For instance, they might enter the numerical code they received on their phone into the system. The user will gain access to the system only if all of the information is verified: username, password, phone number, code, etc.
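The registration, authentication and reaction steps above, as an added Python example (not InfraNet's code or any product's implementation). The function names, the 6-digit code, the 5-minute expiry and the PBKDF2 settings are assumptions, and the code is returned to the caller rather than sent to a phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300   # assumed: seconds a one-time code stays valid
users = {}       # in-memory stand-in for the account store

def _hash(password, salt):
    # Slow, salted hash so a stolen store does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username, password, phone):
    """Registration: store credentials and link the second-factor device."""
    salt = secrets.token_bytes(16)
    users[username] = {"salt": salt, "pw": _hash(password, salt),
                       "phone": phone, "pending": None}

def authenticate(username, password, now=None):
    """Authentication: verify the first factor, then issue a one-time code.
    Returns the code that would be sent to the linked phone, or None."""
    now = time.time() if now is None else now
    user = users.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(user["pw"], _hash(password, user["salt"])):
        return None
    code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6-digit code
    user["pending"] = (code, now + CODE_TTL)
    return code

def react(username, code, now=None):
    """Reaction: grant access only for a matching, unexpired, unused code."""
    now = time.time() if now is None else now
    user = users.get(username)
    if user is None or user["pending"] is None:
        return False
    expected, expires = user["pending"]
    user["pending"] = None   # single use: any attempt consumes the code
    fresh = now <= expires
    match = hmac.compare_digest(expected.encode(), code.encode())
    return fresh and match

if __name__ == "__main__":
    register("alice", "correct horse battery staple", "+1-555-0100")  # constructed
    sent = authenticate("alice", "correct horse battery staple")
    print("access granted:", react("alice", sent))
```

A stolen password alone stops at `react`: without the code delivered to the linked device, or with a replayed or expired one, access is refused.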

Activities & Resources 

Check out this infographic: