Sonoma County Office of Education

Important Password Security Reminder

05/25/2020 -

Password security is one of the most critical elements of the overall security of the organization. A password should be unique, meaning not used on any other site, and should have a decent amount of complexity. Password phrases are very popular these days, a good example would be that, if you were a huge Jimi Hendrix fan, you could use something like: purple ACID haze12&. According to security researchers, this password would take 1.21 hundred trillion centuries in the best-case scenario.

The reason a password should be unique is that passwords are sometimes breached. During these breaches of data, it's possible for an attacker to gain access to your password. If you use identical passwords on multiple sites, now you are open to attack on all other sites. There are multiple sites that allow you to see if your password is known to have been scraped in a data breach. One of the most popular is: haveibeenpwned.com

Firefox also has a monitoring service if you are interested.

It's also recommended to use a two-step verification with your Google account. This requires that you have a phone, landline, or security key to access your account. This is a failsafe and in the event that your password is exposed, you have your two-step verification to rely on until you reset your password. More information on how to set up 2-step verification can be found here.

Google also has a page dedicated to security for each individual. You can access this page at https://security.google.com. This web page will allow you to view logins, third-party applications with access to your account, and accounts that you have authorized to log in to third-party websites. Once a week I visit this site and review access to my account.