Cybersecurity Awareness Month

Week 1: Use Strong Passwords and a Password Manager


Lock It Down: Mastering Your Digital Keys

Having a weak password on any account is like sticking a spare key to your front door and leaving. A password is your digital door lock: the first level of protection that safeguards your data, finances, and digital life. This week we are going to improve that lock using a password manager. Pick one memorable master passphrase for the password manager, and let it generate and remember long, unique passwords for all sites. You’ll turn your weakest security link into your strongest, and save yourself time and stress.


 What’s a Strong Password and why use it?

A strong password is a long, unique passphrase, ideally generated by your password manager, that mixes letters, numbers, and symbols and is never reused. For LACCD’s full requirements and tips, see the Password Guidelines.

Adopting this practice is one of the most important steps you can take because it directly protects you in three important ways: 

  • Prevent account theft. Long, unique passwords defeat automated brute-force attacks. 

  • Limit the extent of breaches. If a site gets hacked, thieves can’t use that same key/password again on your other accounts.

  • Protect your identity. Financial apps, your photos, and other data remain private.

 

What’s a Password Manager and why use it?

A password manager is a digital vault that securely creates, stores, and autofills complex, random passwords for each and every one of your accounts. All you need to remember is a master passphrase and it does the rest. 

Here’s why it’s worth using one: 

  • Stronger passwords by default: It creates essentially gibberish passwords that are 16, 20, even 30 characters long and that attackers would never guess.

  • No more reuse: Each account has its own unique key so if one account gets compromised, all of your other accounts with a unique password are safe. 

  • Time-saver: Autofill allows you to log into your accounts with one click; say goodbye to sticky notes and password resets. 

  • Syncs everywhere: Your passwords travel with you across your phone, laptop, and tablet. 

  • Built-in security checks: Most managers will check if a password is weak or compromised and allow you to change it on the spot. 

 How to Put It Into Practice

  • You will need a password manager (here are three free and well-known options):
    • Proton Pass – open-source, unlimited passwords and unlimited device sync.
    • Bitwarden – open-source, unlimited passwords and unlimited device sync.
    • KeePass – open-source, unlimited passwords and unlimited device sync.
  • Create a master passphrase that is long and easy to remember (e.g. purple-pineapple bus ride!).
  • Update priority accounts. Go through and change your student email, learning management system, and banking to manager-generated passwords.
  • Make sure to enable autofill & full sync everywhere. With the browser extension and mobile app, your strong passwords will follow you. 
  • Change any weak or reused passwords as you log in. Let the manager generate new ones on the spot, no marathon reset session needed. 
  • Back up your vault. Either keep cloud sync on (default setting) or export an encrypted backup.
  • Do a quick monthly check-up. Open the manager’s security report and fix any flagged logins. 

Pro tip: If you’d like an extra layer of protection, you can append a short, unique secret to your password, such as &RB or !42, that only you know and type in manually. Today’s password managers are already strongly encrypted, so this step isn’t necessary, but it can add one more hurdle for attackers in case your password manager gets compromised.

  


Learn About Passwords

  • Visit our Passwords webpage for more information.
