Why having strong passwords really matters
You’ve probably heard people talk about the importance of password security before. But does it really matter what passwords you use - does anyone really care that much about getting into your accounts?
Password security matters because:
Any company account or device can contain information that’s lucrative to cybercriminals
Exposure of customer or business data can be highly damaging to your organisation
Ensuring only authorised users can log in to devices and systems helps maintain accountability.
https://outlearn.training/
https://outlearn.training/
https://outlearn.training/
2. Here’s what you will learn…
This course will teach you how to keep your accounts and
devices safe with secure use of passwords and authentication.
YOU WILL LEARN: WHY HAVING STRONG
PASSWORDS REALLY
MATTERS
WHAT ACTUALLY MAKES
A SECURE PASSWORD
WHY YOU SHOULDN’T
REUSE PASSWORDS
HOW TO CREATE A
PASSWORD THAT’S EASY
TO REMEMBER BUT
HARD TO GUESS
WHAT NOT TO DO WITH
YOUR PASSWORDS
WHAT MULTI-FACTOR
AUTHENTICATION IS
AND WHY YOU SHOULD
USE IT
WHY HAVING STRONG
PASSWORDS REALLY
MATTERS
ASHLEY MIDDLETON (C) 2020 2
3. Why having strong passwords really matters
You’ve probably heard people talk about the importance of password security before. But does it really
matter what passwords you use - does anyone really care that much about getting into your accounts?
Password security matters because:
Any company account or device can contain information that’s lucrative to cybercriminals
Exposure of customer or business data can be highly damaging to your organisation
Ensuring only authorised users can log in to devices and systems helps maintain accountability
ASHLEY MIDDLETON (C) 2020 3
4. Password security matters because:
Any company account or device can contain information that’s lucrative to cybercriminals
Exposure of customer or business data can be highly damaging to your organisation
Ensuring only authorised users can log in to devices and systems helps maintain accountability
ASHLEY MIDDLETON (C) 2020 4
5. How an attacker could guess your password
How an attacker could guess your password
You may have previously heard various advice about what makes for a strong password.
To know what makes for a secure password, it’s important to understand how attackers will try to
compromise passwords.
ASHLEY MIDDLETON (C) 2020 5
6. The most
common attack
vector
ASHLEY MIDDLETON (C) 2020 6
The most common ways that
cybercriminals will attempt to
compromise passwords are:
Lists of common passwords. Passwords
like abc123 and P@ssword1 will be
attempted first by attackers.
Personal information. An attacker could
use information like birthdays and pet
names that are often easily found on
social media.
7. Passwords
compromised
ASHLEY MIDDLETON (C) 2020 7
Using brute-force attacks. The last resort for an
attacker is a brute-force attack, which involves
going through characters systematically until
your password is arrived at (i.e. aaa, aab, aac,
and so on…)
Passwords compromised through breaches. If a
site experiences a breach and your password is
exposed, an attacker may try that password to
log into your accounts on other services.
8. Why you shouldn’t reuse passwords?
While it’s common advice that you should never reuse passwords, the
important thing is to never reuse passwords for anything that matters.
Websites and user databases are breached all the time, which may
allow cybercriminals to crack the passwords that users of those sites
used. They can then attempt a combination of the email you used to
sign up for the site and the password you used on the site to attempt to
log in to any other service or website.
If you have reused your password anywhere else, the attacker will be
able to get in instantly.
ASHLEY MIDDLETON (C) 2020 8
9. How to create a password that’s easy to
remember but hard to crack
A perfect password would be one that was easy to remember but impossible to crack.
While a perfect password is not possible, there is a technique you can use to get as close to it as you can:
the three random words technique.
Pick three entirely random words, such as raven clockwork burger (don’t choose any words that could be
tied to you or your organisation, interests or family)
Put the three random words together
ASHLEY MIDDLETON (C) 2020 9
10. ASHLEY MIDDLETON (C) 2020
10
Congratulations, you have a password that’s incredibly hard to crack but one that
you already remember!
11. Keeping your password safe
It's important to create a strong password, but the effort will be wasted if you don't take steps to keep your
password safe.
You should:
Never write down passwords on paper
Never share passwords with colleagues or anyone else
Never send passwords in emails, text messages or in any other way to anyone else
Never give your password to anyone, even the IT team will never need it
ASHLEY MIDDLETON (C) 2020 11
12. Multi-factor authentication
While having a secure password is essential, it still may not be enough to stop an attacker.
The more secure your password is the smaller the chance that a cybercriminal could randomly guess it -
but it can always happen.
A site may also cause your password to become compromised in a breach.
ASHLEY MIDDLETON (C) 2020 12
13. Multi-factor authentication
Multi-factor authentication protects your accounts by making you need another method of authentication
in addition to your password when you sign in.
This additional method could be:
A code from an authentication app
A code from a text message or email
An authenticated removable device
If you have anything worth protecting on an account, you should always turn on multi-factor
authentication when it's available.
ASHLEY MIDDLETON (C) 2020 13
14. When you are ready to
continue to the questions
section,
TICK ALL THE BOXES TO CONTINUE!
ASHLEY MIDDLETON (C) 2020 14
15. Why having strong passwords matters
How an attacker could breach your password
Why you shouldn't reuse passwords
Why using two-factor authentication helps to boost data security
ASHLEY MIDDLETON (C) 2020 15
16. How might your social media use affect your password security?
Social media sites sell your passwords to cybercriminals
If your password is related to your family, pets or interests, social media could allow it to be
guessed
Your friends on social media will be able to see your passwords
ASHLEY MIDDLETON (C) 2020 16
17. Question 1
Using a pattern on your
keyboard will allow you to
easily create a strong but
memorable password?
True or False
ASHLEY MIDDLETON (C) 2020 17
18. Question 1- Answer
Using a pattern on your
keyboard will allow you to
easily create a strong but
memorable password?
False:
It may memorable but it
wouldn’t be strong
ASHLEY MIDDLETON (C) 2020 18
19. Question 2
If you're not in a job role where you
regularly send or receive
confidential information over email,
it doesn't really matter if you have a
strong password for your email or
not?
Yes or No
ASHLEY MIDDLETON (C) 2020 19
20. Question 2 - Answer
Correct:
There is a lot that a cybercriminal could do with access to a
company email, so it is essential to protect all email
accounts with strong passwords.
ASHLEY MIDDLETON (C) 2020 20
21. Question 3
Which of these
examples is the most
secure password
combination?
QWERTY
P@ssword1
clockworkeightydumbbell
ASHLEY MIDDLETON (C) 2020 21
22. Question 3 - Answer
Correct:
Having three random words
make up your password makes it
very difficult to crack while
being reasonably easy to
remember.
clockworkeightydumbbell
ASHLEY MIDDLETON (C) 2020 22
23. Question 4
You have just started using a
new application for processing
confidential data. You've created
a strong password, but is there
anything else you can do to help
keep your account secure?
Write down your password somewhere
safe
Provide answers to security questions
so you can recover the account if needed
Turn on multi-factor authentication
ASHLEY MIDDLETON (C) 2020 23
24. Question 4 - Answer
Correct:
Turn on multi-factor
authentication
Multi-factor authentication is
essential for keeping confidential
apps secure, as it adds another
layer of security.
ASHLEY MIDDLETON (C) 2020 24
25. Question 5
What does multi-
factor
authentication
do?
It makes your accounts ask for
multiple passwords instead of just one
It makes your accounts ask for
another method of authentication in
addition to your password
ASHLEY MIDDLETON (C) 2020 25
26. Question 5 - Answer
Correct:
This another method
could be a code from an
authentication app, text
message or email.
It makes your accounts automatically
detect cybercriminals trying to hack
their way in, because they cant
authenticate.
(They don’t have the additional bit of information
or authentication key)
ASHLEY MIDDLETON (C) 2020 26
27. Question 6
You have created strong
passwords for all your
accounts, but keep
forgetting them. What
should you do?
Switch to using the same password for everything
Write down your passwords on post-it notes on your
monitor
Write down your passwords in a spreadsheet
Ask your IT team if they can provide you any tips or
tools like password managers that you can use for
password management
ASHLEY MIDDLETON (C) 2020 27
28. Question 6 - Answer
Correct:
There are tools available that can help you manage your
passwords, but you should check with your IT support team
before using them.
ASHLEY MIDDLETON (C) 2020 28
29. Question 7
It's safest to create one
strong password and to
reuse it across all your
accounts and devices?
True / False
ASHLEY MIDDLETON (C) 2020 29
30. Question 7 - Answer
Correct:
You should not reuse passwords, because if you did and one
leaked it would expose all your other accounts.
ASHLEY MIDDLETON (C) 2020 30
31. Question 8
Who should you
share your passwords
with?
Colleagues
Your partner
Your manager
Nobody
ASHLEY MIDDLETON (C) 2020 31
32. Question 8 -Answer
Correct:
There is no reason why your manager or IT team would
need your password, as they can use account privileges to
access your accounts if required.
ASHLEY MIDDLETON (C) 2020 32
33. Question 9
What is the best way to
create a strong but
memorable password?
Use the name of your favourite singer or sports
team and add a number after it
The name of your pet, but add some special
characters
The same long and secure password you use
for everything else
Pick three random words and combine them
together
ASHLEY MIDDLETON (C) 2020 33
34. Question 9 - Answer
Correct:
This allows you to create a password like
'buttergamingmongoose' that's difficult to crack but
reasonably easy to remember.
ASHLEY MIDDLETON (C) 2020 34