This article provides recommendations for a secure password, based on current research and lessons learned, as well as our own experience. We observe dozens of attacks with username/password combinations every day - this gives us a unique perspective to understand the role of passwords in account takeover.
The following recommendations are aimed at users of MOORnetworks identity platforms (Private Cloud, Active Directory, Azure Active Directory or Microsoft accounts), but can also be applied to other platforms.
- Create a unique password for your account
The security of your account is important for several reasons. Personal, sensitive information such as your emails, contacts, and photos may be associated with your account. In addition, other services may rely on your email address to verify your identity. If someone gains access to your email, they may be able to take over your other accounts too (like banking and online shopping) by resetting your passwords by email.
Tips for creating a strong and unique password:
- Don’t use a password that is the same or similar to one you use on any other website. A cybercriminal who can break into that website can steal your password from it and use it to steal your account.
- Don’t use a single word (e.g. "princess") or a commonly-used phrase (e.g. "Iloveyou").
- Do make your password hard to guess even by those who know a lot about you (such as the names and birthdays of your friends and family, your favorite bands, and phrases you like to use).
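The three tips above can be turned into a simple local check. The following is an added example, not code from MOORnetworks or Microsoft; the function names, the small word list and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import difflib

# Constructed sample list (assumption); a real check would load a large
# list of breached and commonly used passwords.
COMMON = {"princess", "iloveyou", "password", "qwerty", "letmein"}
LEET = str.maketrans("01345@$", "oieasas")  # undo common character swaps


def _letters(text):
    """Lowercase, undo simple substitutions, keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def check_password(candidate, other_passwords=(), personal_facts=()):
    """Return the list of tips the candidate breaks (empty list = none found)."""
    issues = []
    low = candidate.lower()

    # Tip 1: not the same as, or similar to, a password used on another site.
    if any(difflib.SequenceMatcher(None, low, other.lower()).ratio() >= 0.8
           for other in other_passwords):
        issues.append("too similar to another password")

    # Tip 2: not a single word or commonly used phrase, even when disguised
    # with digits, symbols or spaces ("Pr1ncess!", "I love you 2").
    if _letters(candidate) in COMMON:
        issues.append("common word or phrase")

    # Tip 3: not guessable from names, birthdays, favourite bands and so on.
    def hit(fact):
        plain = _letters(fact)
        return fact.lower() in low or (len(plain) >= 3 and plain in _letters(candidate))

    if any(hit(fact) for fact in personal_facts if len(fact) >= 3):
        issues.append("contains personal information")

    return issues
```

An empty result only means none of these three checks fired; it does not prove the password is strong.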
- Keep your security info up to date
Current security info (like an alternate email address or phone number) helps us to verify your identity if you forget your password or if someone else tries to take over your account. We never use this info to spam you or to try to sell you something. Promise!
- Watch for suspicious activity
On our portal pages, as well as Microsoft's, you can track unusual or suspicious activity under the heading "Recent Activity". For example, you can see your last login and/or changes to your account. For requested password changes you will also receive an email confirmation. If you see anything "wrong or unknown", click on "It wasn't me" and we'll walk you through a few steps to check the security information on your account.
- Turn on two-step verification
Two-step verification boosts account security by making it more difficult for hackers to sign in, even if they know or guess your password. If you turn on two-step verification and then try to sign in on a device we don’t recognize, we’ll ask you for two things:
- Your password.
- An extra security code.
We can send a new security code to your phone or your alternate email address, or you can get one through an authenticator app on your smartphone.
- Keep your operating system, browser, and other software up to date
Most service and app providers release security updates that can help protect your devices. These updates help prevent viruses and other malware attacks by closing possible security holes. If you’re using Windows, in order to receive these updates automatically, turn on Windows Update.
- Be careful of suspicious emails and websites
Don't open email messages from unfamiliar senders or email attachments that you don't recognize. Viruses can be attached to email messages and might spread as soon as you open the attachment. It's best not to open an attachment unless you expected to receive it. You should also be careful when downloading apps or other files from the Internet, and make sure you recognize the source.
- Install an antivirus program on your computer
Hackers can steal passwords through malware (malicious software) that's been installed on your computer without your knowledge. For example, sometimes malware is maliciously downloaded with something you do want, like a new screen saver. Take the time to check and clear your computer of viruses or malware before you change your password.
Is your computer running Windows?
Great! Windows Defender is free anti-malware software built into Windows 8 and Windows 10. It updates automatically through Windows Update. If you're running an earlier version of Windows, you can download and install Microsoft Security Essentials for free.
After you install an antivirus program, you should set it to regularly get updates and scan your computer.