What is authentication?

Authentication is the act of proving one’s user identity for accessing systems, this is usually a password / passphrase.

What is a password and passphrase?

A password is a secret word or series of letters that is used to access an account.

A passphrase is a series of words at random (a minimum of four) put together to create your password.

It is highly recommended that your accounts have unique passwords assigned to them, this will prevent cyber criminals from compromising multiple accounts if they are able to gain access to your userID and password from one account.

At AARNet, the minimum password length is 14 characters long with a mix of uppercase, lower case, number and special characters. Guidance from the ACSC recommends the same.

How to create a strong password/passphrase?

To create your own strong password/passphrase, think of four random words and put them together or alternatively you could think of a long phrase and use the first letter (or few letters). Be creative when adding numbers and special characters to your password.

e.g.

• hotel + switch + water + breakfast becomes hotelswitchwaterbreakfast and add numbers and special characters it can becomes !H0telsWitchBreakfast
• I drink coffee to start the day becomes Idrcotosttheda and add numbers and special characters &Idrcotostthed4

Or alternatively, use a password generator and set the number of characters and complexity requirements and watch it generate a random password for you, these can be stored in a password manager.

Use a password manager

It is recognised that remembering multiple passwords across different accounts is difficult, and people tend to write down their passwords in a book or a sticky note near their devices or in their mobile devices.

A password manager is a tool that helps you securely store your passwords, and may also have the ability to generate random passwords for you to assign to accounts. It requires you to remember one password to access the account.

When selecting a password manager to use, ensure that you use one that is reputable and from a trusted source.

Some password managers applications available include (but not limited to) : 1Password, LastPass, BitWarden and Dashlane.

How to secure your password manager:

· Use a long password to access your password manager

· Enable multi factor authentication

What is multi-factor authentication?

Multi-factor authentication (MFA) is one of the most effective ways to protect against unauthorised access to your valuable information and accounts. MFA requires a combination of something you know (pin, password), you possess (token, card) or something you inherit (finger print, retina). Multi-factor authentication

Where possible, enable multi factor authentication for your online accounts, and use authenticator applications and physical tokens where possible. While email and SMS can be used to receive pins, use these as a last resort, they are the least secure methods of multi-factor authentication as they can be more easily compromised (e.g. email account is hacked, contact details changed or sim swapped).

Additional resources:

ACSC guidance on enabling MFA for select accounts (e.g. Facebook, LinkedIn, Twitter, Microsoft)