National Tax Security Awareness Week: Password Hygiene
Passphrases are Better than Random-Character Passwords
We’ve hit the halfway point in National Tax Security Awareness Week, putting discussion of phishing and online shopping scams in the rear-view mirror. Today, the IRS is spotlighting an area of data security that is often overlooked: password hygiene.
Anyone who creates a new password in a third-party, web-based email service has seen the color-coded password strength checker. The first encounter may have been a rude awakening: if your rock-solid, hacker-proof password generates a red “weak” rating, it can certainly make you question your cleverness. At the very least, it highlights how sophisticated cybercriminals’ tools can be, and that’s why learning how to create a strong password is imperative—especially if you work in an industry that handles sensitive financial data.
The IRS points out that memorability is a key frustration of creating a strong password. Industry guidance from years past has recommended a random string of letters, numbers, and special characters for creating a strong password, and many password strength checkers still rely on that framework for grading whether a password will protect your data from bad actors. Luckily, the IRS has provided hope for people who have to discreetly carry around a sheet of paper just to log into their office computer: passphrases.
A passphrase is literally what it sounds like: a series of words used in place of a traditional password. One example of a secure passphrase from the IRS Newswire is “SunWalkRainDrive,” and the IRS says that creating a passphrase doesn’t have to be an arcane task. Here are the agency’s three easy-to-follow steps for choosing a passphrase:
- “Step 1 – Leverage your powers of association. Identify associated items that have meaning to you.
- Step 2 – Make the associations unique to you. Passphrases should be words that can go together in your head, but no one else would ever suspect. Good example: Items in your living room such as BlueCouchFlowerBamboo. Bad example: Names of your children.
- Step 3 – Picture this: create a passphrase that you can picture in your head. In our example, picture items in your living room. The key is to create a passphrase that is hard for a cybercriminal to guess but easy for you to remember.”
Aside from steering people away from passwords that look like they were created by a robot, the IRS also points out that creating one secure passphrase isn’t good enough. Every online account and individual digital device needs a separate, unique password, and that even includes “wireless devices such as printers and routers” that come with default passwords (usually something like “admin” or “password”). The agency also recommends a password manager if you have a large number of accounts and devices that need to be secured.
There are only two more days left in National Tax Security Awareness Week, so stop back by Taxing Subjects for a rundown of the security issues that the IRS and Security Summit want you to know about.
Source: IRS Newswire