How and why you should create a strong, safe password

Setting safe passwords and recognizing compromised ones

(SACRAMENTO)

Using unsafe passwords can have both personal and professional impacts. No one wants to be involved in a data breach. Health care data breaches cost on average $11 million each and continue to be the highest data breach cost of all industries. Over the past three years, the average cost of a data breach in health care has grown 53.3%.

The first line of defense in preventing these types of breaches is our trusted staff.

Staff should follow known best practices for creating safe passwords, including increasing password length to at least 15 characters. Password complexity is also an important deterrent. Staff should use a combination of letters, numbers and symbols.

Here's a helpful tip: punctuate the middle.

Adding punctuation marks to the middle of a password dramatically increases its resistance to the worst kinds of cracking techniques, like dictionary attacks, brute-force attacks, and rainbow tables.

Moreover, staff should make a habit of changing their password every 90 days.

Additionally, it is critical that staff do not use passwords that have been compromised. Devices like iPhones will now alert users if their password has appeared in a data breach. Those users should change the compromised password immediately to protect their accounts.

So, what exactly happens when your password is compromised?

  1. Every account that uses the same password is put at risk. It is critical that users maintain different passwords across all their accounts to mitigate the risk if one is compromised.
    1. Example: Let’s say you use the same password for your banking login, your Active Directory (AD) login for UC Davis Health, and your Facebook page. If that password becomes compromised, hackers could gain access to your bank account, your UC Davis Health workstation, and your social media page.
  2. Compromised passwords can also lead to identity theft and financial loss, which can sometimes take years to recover from, if at all.
  3. If one of your UC Davis Health passwords is compromised, not only are you at risk for a data breach, but patient information may also be at risk, worsening the outcome of an attack.

If you’re notified of a compromised password, change it immediately. Create long, complex passwords to help prevent breaches and protect your accounts. If you’re looking for assistance in maintaining account-specific, long, and complex passwords, a password management tool can help you remember them. Be sure to check out the LastPass Password Manager. You can securely store all your passwords in one location, and it can even auto-fill your username and password when logging into websites for added convenience.

Ultimately, we want you to be safe.
