In a time when cybersecurity is a growing concern, it’s important to take proper steps to protect personal information online. While it may be difficult to avoid viruses, phishing scams, or account hackings, creating and maintaining strong passwords is one of the first and most important steps to take to protect your online presence.

“The formulation of a good password is essential to making sure the bad guys can’t use brute force attack methods or simple social media reconnaissance in order to break your password,” said Jimmy Lummis, associate director of Cyber Security for Georgia Tech’s Office of Information Technology.

When creating or updating a password, here are a few tips to keep in mind:

1. When updating a password, make sure it is significantly different from previous passwords. Sometimes it can be a time-consuming task to update a password, especially if a site has very specific password requirements. But when it comes to security, updating passwords should be taken seriously. “Strategies like picking a password and then incrementing the number on the end of the password each time you change a password is human nature and very insecure,” Lummis said.
2. Do not use the same passwords across different accounts. “Using the same password for multiple websites or applications is a bad idea. If the bad guys compromise one password, then they have access to all of your resources,” Lummis said. If creating a new password for each account is difficult, then consider using a password generator or password management system (more on this shortly). Another way to generate complex, but easy-to-remember passwords is using an acronym for a phrase that has significance to you. Mixing in a few numbers and symbols to replace certain letters will make the password more secure. Remembering a phrase will be easier than remembering a random string of numbers and letters.
3. Increase security with two-factor authentication. Two-factor authentication adds a second layer of security by requiring another piece of information in addition to your password. Two-factor authentication prevents criminals from accessing an account with just a password. “The thing to really note about passwords is that they are no longer sufficient for protecting sensitive information such as your email or bank accounts,” Lummis said. “Anything sensitive should be protected with multi-factor authentication these days.” Georgia Tech has partnered with the password management system Duo Security to bring two-factor authentication to campus. The system is being rolled out in stages and will eventually reach all departments across campus. The two-factor authentication will help protect sites such as TechWorks, Office365, and the virtual private network (VPN).
4. Use password management resources. For those interested in assistance managing a plethora of passwords, several free password management tools exist, such as LastPass, LogMeOnce, 1U, and Norton Identify Safe. Password management systems eliminate the need to write down passwords because all passwords can be stored in one password vault. “Allowing a tool to generate and manage strong passwords for you is the best strategy you can have,” Lummis said.