Password and MFA Security

Cybersecurity Series 2 of 7 – Passwords and Multi Factor Authentication

Passwords can be a pain to remember, but they have never been so critically important to get right. In this article, we lay out the fundamentals of passwords and multi factor authentication.

The importance of a strong password

A strong password acts as a robust barrier against unauthorized access. It makes it much harder for cybercriminals to guess (crack) your credentials. Here’s how to create and manage strong passwords:

  1. Length Matters: Aim for passwords that are at least 12 characters long. Longer passwords are harder to crack.
  2. Complexity: Combine uppercase and lowercase letters, numbers, and special characters. Making the password resemble an actual word or phrase can help with recall (e.g., aM4z!nGgrAc3).
  3. Avoid Common Words or Family-Related Names/Dates: Refrain from using easily guessable words like “password,” “123456,” or your name, your pet’s name, your child’s date of birth, etc.
  4. Unique for Each Account: Never reuse passwords across different services. If one account is compromised, others remain secure.
  5. Use Passphrases: Consider using a memorable phrase or sentence (e.g., “BlueSky@2024IsBeautiful!”).

Multifactor Authentication (MFA)

Multi Factor Authentication provides an extra layer of security by requiring two or more forms of identification to access an account. It significantly enhances security by combining something you know (password) with something you have (a device or token) or something you are (biometrics, e.g., a fingerprint or face/retina scan).

Examples of MFA
  1. Text Message (SMS) Codes: Receive a one-time code via SMS to verify your identity during login.
  2. Authentication Apps: Use apps like Google Authenticator, Authy, or Microsoft Authenticator. These generate time-based codes.
  3. Hardware Tokens: Physical devices that generate unique codes (e.g., YubiKey).
  4. Biometrics: Fingerprint or facial recognition (available on smartphones and some laptops).

 

Best Practices for MFA
  • Enable MFA for all critical accounts: Email, banking, social media, and work-related services.
  • Backup Codes: Save backup codes provided during MFA setup. These help if you lose access to your primary device.
  • Regularly Review Authorized Devices: Remove any unused or unrecognized devices from your MFA settings.
  • Avoid SMS-Only MFA: While better than no MFA, SMS codes can be intercepted. Use app-based or hardware-based methods whenever possible.

Password storage

Because we recommend a unique, complex password for each of your accounts, they need to be securely stored. This does not mean in a folder on your PC called passwords! Many browsers allow you to store passwords, and password managers like Dashlane, Fastpass, and 1Password are good (and typically free for individuals) options.

To conclude, remember that cybersecurity is a shared responsibility. By implementing strong passwords and MFA, you contribute to a safer digital environment for everyone. Stay vigilant and protect your online presence! This might seem like heavy stuff, so we are happy to help if you have any queries; just call us at (091) 395413.
