Protecting Your Passwords: Tips for Creating Strong, Secure Passwords During Cybersecurity Awareness Month
Passwords: They're the first line of defense against cybercriminals and data breaches, but creating, storing, and remembering them can be a real pain. During Cybersecurity Awareness Month this October, the Texas Association of Public Employee Retirement Systems is joining the National Cybersecurity Alliance to raise awareness about simple yet powerful ways to strengthen digital security. As a National Cybersecurity Awareness Month Champion, TEXPERS is part of a global initiative to promote online safety and security. We're excited to share resources that can help our members protect their personal and professional data from cybercrime.
As trustees, administrators, and professional members managing public employee retirement plans, your online security is more than just personal—it's professional. Breaches can have a ripple effect on the data of those you serve, making it crucial to adopt best practices for password creation and management. We're using insights from the National Cybersecurity Alliance's 2024 Oh, Behave: Cybersecurity Attitudes and Behaviors Report to highlight critical areas for improvement and actionable tips.
The State of Password Practices: What the Data Tells Us
The Oh, Behave report reveals some surprising trends in password creation approaches across different generations. Despite widespread knowledge of cybersecurity best practices, people's behaviors often fall short. Here are some key takeaways:
- Using Personal Information: Over a third (35%) of participants admitted including personal information—such as family members or pet names—in their passwords. This number was even higher among younger generations, with 52% of Gen Z and 45% of Millennials engaging in this risky behavior.
- Single Dictionary Words or Names: Forty percent of participants reported creating passwords using a single dictionary word or someone's name. This trend increased across all generations since 2023, with Gen Z leading the charge at 52%.
- Remembering Passwords: The most common way people remember their passwords is by writing them down in a notebook, with 59% of Silent Generation participants and 44% of Baby Boomers admitting to this habit. Millennials, Gen X, and Gen Z were more likely to rely on their memory but at the risk of forgetting or using simpler passwords.
- Password Managers: Although 46% of participants have never used a password manager, this figure has decreased by 10% since last year. However, password manager usage remains inconsistent, with high abandonment rates among Gen Z and Millennials.
This Oh, Behave report data indicates a gap between what people think they know about cybersecurity and what they actually do. It's clear that while people understand the importance of good password practices, many still fall into risky habits.
Password Tips at a Glance
Here's a quick rundown of the National Cybersecurity Alliance's top tips:
- Create Long, Unique, and Complex Passwords. Make sure each account is protected with its own 12-character or longer password.
- Use a Password Manager. They simplify password creation, storage, and management—no need to remember dozens of complex passwords.
- Enable Multi-Factor Authentication (MFA). Whenever possible, add a second layer of security to your accounts.
The Role of Password Managers
A password manager is a tool that stores and encrypts all your passwords in one place, requiring you to remember only a single master password. Using a password manager allows you to generate unique, strong passwords for each account without worrying about memorizing them. The Oh, Behave report shows that while awareness of password managers is increasing, actual adoption is still low. This is especially true among older generations, who are more likely to rely on less secure methods like writing passwords down or using simple password patterns.
October is the perfect time to start if you still need to incorporate a password manager into your digital life. Many password managers offer free versions that provide sufficient functionality for most users.
Multi-Factor Authentication: An Added Layer of Security
Another best practice for securing digital information is using Multi-Factor Authentication (MFA). MFA requires users to provide additional verification beyond just a password—such as a code sent to a mobile device or a fingerprint scan—before accessing an account. While awareness of MFA has increased, usage remains varied, according to the Oh, Behave report. Only 81% of participants had heard of MFA, and even fewer were actively using it.
MFA significantly enhances account security by adding another layer of protection, making it harder for cybercriminals to gain unauthorized access. This Cybersecurity Awareness Month, TEXPERS encourages all our members and their service providers to enable MFA wherever possible.
When to Change Your Passwords
It used to be standard advice to change your passwords every few months. However, cybersecurity experts, including those at the National Institute of Standards and Technology, now suggest that frequent changes are unnecessary if your passwords are already long, unique, and complex. The reason? Constantly changing your passwords increases the chances of reusing old ones or creating similar, weak ones.
The current recommendation is straightforward: Only change your passwords if you know they've been compromised or someone is accessing your accounts without authorization. Sticking to strong and unique passwords from the start reduces the need to update them frequently.
BUT REMEMBERING ALL MY PASSWORDS IS SO HARD!?
With so many online accounts to manage—some of us have over 100!—it's nearly impossible to remember every password without resorting to risky behaviors like using the same password for multiple accounts. If you're struggling to keep up, consider using a password manager.
Password managers take the guesswork out of creating and storing passwords. Here are some key benefits:
- Enhanced Security: A password manager can create long, complex passwords that are difficult to guess or crack.
- Convenience: You no longer need to write passwords in a notebook or rely on memory. Everything is stored securely in one place.
- Peace of Mind: With a password manager, the others remain secure even if one account gets compromised.
Don't Take a Pass on Password Managers
Given how interconnected our lives have become, having a system to keep your passwords safe and secure is more critical than ever. TEXPERS encourages you to explore the various free and premium password managers available today. Most are user-friendly and can provide peace of mind that your digital life is secure. Tools like LastPass, 1Password, and Dashlane are excellent starting points if you're new to password management.
Stay Tuned for More Cybersecurity Tips This Month
TEXPERS is committed to empowering its members with the knowledge and tools needed to protect their digital information. Stay tuned for upcoming posts covering more cybersecurity topics, like recognizing phishing scams and securing devices at home and in the office.
For more information on Cybersecurity Awareness Month and how to get involved, visit the National Cybersecurity Alliance. Let's work together to "Secure Our World" this October!
About the Author:
Allen Jones is the director of communications and event marketing for TEXPERS. He joined the Association in 2017. Before TEXPERS, he worked in the news media industry, producing content for newspapers, magazines, and online publications and leading newsrooms as an editor and publications manager. [email protected]