Identity Management Day: Better passwords help us become a smaller target for cybercriminals
Welcome to spring in Utah. Even if it is bright and sunny outside, it may snow any minute. One thing you may not know about spring is that the second Tuesday of April is Identity Management Day, a day of awareness about the importance of identity management. With April 8 almost upon us, I want to remind everyone about what it takes to keep our institution, students, patients, families, data, and money safe.
Why do I think this is important?
Several of my family members have had their accounts compromised, and I don’t want it to happen to anyone else. According to Identity Defined Security Alliance's 2023 Identity Management Day webpage, reported cybersecurity incidents involving compromised credentials affected 22% of U.S. households and 84% of organizations.
By better protecting our digital identities and taking a few extra steps to protect ourselves, we can make ourselves a much smaller target for criminals.
The first step is to create better passwords that can stand up to sophisticated hacking attempts and malicious software.
Currently, the U’s Information Security Office (ISO) recommends 14+ characters as the minimum for all passwords. The Cybersecurity & Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), also recommends using long passwords, such as a random string of mixed-case letters, numbers, and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
You can also create a memorable phrase of four to seven unrelated words (with or without spaces between each word), also called a “passphrase.” For example:
- Good: “HorsePurpleHatRun”
- Great: “HorsePurpleHatRunBay”
- Amazing: “Horse Purple Hat Run Bay Lifting.”
Recently, my brother called me and said, “I think my password has been hacked.” After talking it over for a few minutes, I concluded that he had given up his cloud service password after receiving a targeted email from a threat agent from his cloud service provider. This cascaded into a compromise of several of his accounts, and the loss of some data and money from his bank account.
The short explanation is that my brother didn’t use unique passwords on his accounts and did not have multifactor authentication (MFA) enabled on his valued accounts.
My recommendation is to change passwords on any website or service that has anything of value to you (money, photos, documents, medical info, etc.) to something unique and more than 14 characters, using the suggestions above as a template. Also, ensure that you enable MFA for any service that provides it and verify that it’s working.
One last thing: If you get an email or text message that you are not expecting from someone, do not open it. Similarly, if your financial institution emails or texts you indicating that a staff member wants to talk to you, do not reply. Call the bank directly or inquire in person.
Stay safe out there, and enjoy the beautiful spring weather before it snows again.
What is Identity Management Day?
Identity Management Day, which takes place on the second Tuesday in April each year, is a global day of awareness to educate business leaders, IT decision makers, and the general public about the importance of managing and securing digital identities. This year’s event is on April 8.
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.