Today is the start of NCSAM.
We pronounce it “en-see-sam”, and it’s short for National Cybersecurity Awareness Month, when the USA and various other countries take the chance to vocalise for all of us that cybersecurity really matters.
And one of the things that really matters is this: making it hard for cybercrooks to figure out how to log in to your online accounts.
→ Did you know that for less than $20,000 you could build your very own password cracker that, under ideal conditions, could try out more than 100,000,000,000 passwords EVERY SECOND? That means you could churn through every possible 8-letter password in just 2 seconds, and every 9-letter password in under a minute!
So here is a short and straight-talking video that not only shows you how to pick a proper password, but also explains why you should bother.
Once you’ve watched the video, you might find yourself thinking, “But they didn’t mention two-factor authentication or two-step verification!”
Good for you!
Two-factor authentication (2FA) is a way of making it harder still for cybercrooks to log in to your accounts.
Generally speaking, it requires you to use a one-time code that’s different every time you log in, usually sent by SMS or generated by a special app on your smartphone.
Indeed, we think you should turn on 2FA for every account that will let you, but because you don’t pick the 2FA codes yourself, we didn’t think it quite fitted into the video, which is about helping you to choose wisely for yourself.
However, we do have an informative podcast that tells you all about 2FA, if you’d like to learn more:
By the way, we’ve had some questions, over in the Sophos Spiceworks community, about the value of online password checkers, those web sites that claim to help you to decide whether you picked a proper password or not.
We’re ambivalent about them.
Password strength meters may help a little, notably in that if they say a password is weak, it’s probably very weak.
But some of the ones we’ve seen tend to be influenced by the wrong sort of detail, like how many different sorts of character you’ve used, not how hard the password might actually be to crack.
We think that you’ll do well enough all by yourself if you follow the advice in the video…
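To make the point about password checkers concrete, here is an added example (not code from the article or from Sophos) that compares a meter that counts character types with a brute-force time estimate at the 100,000,000,000 guesses per second quoted above, and with a check for a common word in disguise. The scoring rule, the word list and the substitution table are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000  # cracking rate quoted in the article
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
# Constructed sample; a real checker would load a large list of common passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "monkey"}
# Reverse the usual look-alike substitutions, e.g. "p@ssw0rd" -> "password".
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def class_count_score(pw):
    """Naive meter: one point per character class, one more for length >= 8."""
    used = sum(any(ch in cls for ch in pw) for cls in CLASSES)
    return used + (1 if len(pw) >= 8 else 0)


def brute_force_seconds(pw):
    """Time to try every string of this length over the classes the password uses."""
    alphabet = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))
    return alphabet ** len(pw) / GUESSES_PER_SECOND


def is_predictable(pw):
    """True for a common word dressed up with capitals, substitutions and a suffix."""
    core = pw.rstrip(string.digits + string.punctuation)
    return core.lower().translate(UNLEET) in COMMON_WORDS


def assess(pw):
    """Return all three views of one password side by side."""
    return {"class_score": class_count_score(pw),
            "brute_force_seconds": brute_force_seconds(pw),
            "predictable": is_predictable(pw)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["abcdefgh", "P@ssw0rd1!", "tundravelcroostrichmug"]:
        print(sample, assess(sample))
```

The character-counting meter gives "P@ssw0rd1!" its top score and the 22-letter lowercase password a low one, even though the first is a well-known word in disguise and the second has a vastly larger search space.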
Article source: Naked Security - Sophos