
🔐 Module 1: Password Security

Learn about creating strong passwords, password managers, and best practices for password security.

📚 Training Content

Why Password Security Matters

Passwords are the first line of defense for your digital accounts. Weak or reused passwords are one of the most common ways attackers gain unauthorised access to systems, leading to data breaches, identity theft, and financial loss.

What Makes a Strong Password?

Length is King: Passwords should be at least 12-16 characters long. Longer passwords are exponentially harder to crack.

Complexity Helps: Use a mix of uppercase letters, lowercase letters, numbers, and special characters. However, length matters more than complexity.

Passphrases Work Best: Consider using memorable passphrases like "correct-horse-battery-staple" combined with random elements. These are easy to remember but hard to crack.

Avoid Common Patterns:

  • ❌ Dictionary words (Password, Welcome, Admin)
  • ❌ Personal information (birthdays, names, addresses)
  • ❌ Keyboard patterns (qwerty, 123456, asdfgh)
  • ❌ Simple substitutions (P@ssw0rd)
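The rules above can be checked automatically. The sketch below is an added example, not part of the original training module: the function names, the tiny word lists (built from the examples in this module) and the substitution table are assumptions for illustration. It shows why "P@ssw0rd" fails even though it mixes character types, and how length drives the size of the search space.

```python
import math

MIN_LENGTH = 12  # lower bound recommended in this module
# Constructed sample lists built from this module's own examples; a real
# check would use a large dictionary / breached-password list instead.
DICTIONARY = {"password", "welcome", "admin"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "123456")
# Reverse common character swaps so "P@ssw0rd" is read as "password".
SUBSTITUTIONS = str.maketrans("@4031!$57", "aaoelisst")


def normalise(password):
    """Lower-case the password and undo simple character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password):
    """Return the list of rules the password breaks (empty = none tripped).

    An empty list only means none of these patterns matched; it does not
    prove the password is strong or unique.
    """
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if any(run in lowered for run in KEYBOARD_RUNS):
        findings.append("keyboard_pattern")
    if any(word in lowered for word in DICTIONARY):
        findings.append("dictionary_word")
    elif any(word in normalise(password) for word in DICTIONARY):
        findings.append("simple_substitution")
    return findings


def random_guess_bits(length, alphabet_size):
    """Search space in bits for a uniformly random choice of `length`
    symbols from `alphabet_size` options: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Welcome123456", "tidal-lantern-orbit-walnut"):
        print(candidate, check_password(candidate))
    # 94 printable ASCII symbols; 7776 words is an assumed passphrase list size.
    print("8 random chars :", round(random_guess_bits(8, 94), 1), "bits")
    print("16 random chars:", round(random_guess_bits(16, 94), 1), "bits")
    print("4 random words :", round(random_guess_bits(4, 7776), 1), "bits")
```

The bit counts apply only when every character or word is chosen at random; a passphrase picked by a person, or a well-known one, is far easier to guess than the figure suggests.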

Password Reuse: The Silent Killer

Using the same password across multiple accounts is extremely dangerous. When one site gets breached (which happens frequently), attackers will try your username/password combination on other popular services. This is called "credential stuffing."

The Rule: Every important account should have a unique password. Never reuse passwords, especially for email, banking, or work accounts.

Password Managers: Your Best Friend

Password managers are secure applications that store all your passwords in an encrypted vault. You only need to remember one master password.

Benefits:

  • ✅ Generate strong, unique passwords for every account
  • ✅ Automatically fill in login forms
  • ✅ Sync across all your devices
  • ✅ Alert you to password breaches
  • ✅ Store secure notes and 2FA codes

Popular Options: 1Password, Bitwarden, LastPass, Dashlane, or built-in options in browsers (though dedicated password managers are more secure).

Password Change Policies: Modern Thinking

Old advice said to change passwords every 30-90 days. Modern security guidance has changed:

Only change passwords when:

  • There's evidence of a breach or compromise
  • You've shared the password with someone
  • The password is weak or reused
  • You suspect unauthorised access

Frequent mandatory changes often lead to weaker passwords (like adding "2024" to the end) rather than truly secure ones.

Multi-Factor Authentication (MFA)

Even the strongest password can be stolen. Enable MFA wherever possible for an extra layer of security. This requires something you know (password) plus something you have (mobile, security key) or something you are (fingerprint).

Note: Many Australian services including myGov, banking apps, and government portals now require or strongly encourage MFA. Make sure to set it up!

Key Takeaways

  • 🔑 Use passwords 12+ characters long, preferably passphrases
  • 🔑 Never reuse passwords across accounts
  • 🔑 Use a password manager to manage unique passwords
  • 🔑 Change passwords only when necessary, not on a schedule
  • 🔑 Enable multi-factor authentication everywhere

📝 Test Your Knowledge

Now that you've learned about password security, take the quiz below to test your understanding.

QUESTION 1 OF 4
You need to create a password for your new online banking account. Which approach is MOST secure?
QUESTION 2 OF 4
Your company's IT policy requires password changes every 90 days. However, you've been using strong, unique passwords generated by your password manager. What's the BEST approach according to modern security practices?
QUESTION 3 OF 4
You're setting up a new password manager. Your colleague suggests storing the master password in a secure note on your phone "just in case." What should you do?
QUESTION 4 OF 4
You discover that LinkedIn had a data breach and your password may be compromised. You use similar passwords across several sites. What should you do FIRST?
