Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
Cybersecurity Awareness Month 2022: Using Strong Passwords and a Password Manager
The key behavior that we are highlighting this week for Cybersecurity Awareness Month is using strong passwords and a password manager. In today’s blog we interviewed NIST’s Connie LaSalle, a senior technology policy advisor, and she offers four specific ways to mitigate your cybersecurity risks online while discussing the importance of adopting strong passwords.
Take a look at her responses to our questions below…
This week’s Cybersecurity Awareness Month theme is using strong passwords and a password manager. How does your work/specialty area at NIST tie into this behavior?
As a senior technology policy advisor, I help NIST teams interpret, anticipate, and formulate a position on matters of policy that may affect our role or our work, including issues related to identity, credential, and access management (ICAM). Additionally, as an ICAM subject matter expert, I contribute to NIST guidance, such as Special Publication 800-63, Digital Identity Guidelines, which offers direction on several ICAM topics, including those highlighted as this week’s key behavior.
What is the easiest way to stay safe online?
Just like in the physical world around us, we should all be aware of our surroundings online. Social engineering attacks, phishing, mis/disinformation campaigns, scams, and many other nefarious activities are increasingly sophisticated and common, so being a skeptical consumer of information is generally a good rule of thumb. For groups and individuals who may be at high risk of targeted attacks or harassment, both online and offline, it is especially important to monitor your digital footprint and be conscientious about which technologies (and people) you decide to trust with your information. Tying this back to our theme, one helpful habit that everyone can adopt is use of strong passwords – or, even better, multi-factor authentication that is phishing-resistant, where possible.
What are three things you can do to minimize cybersecurity risks to a person or businesses?
I’ll offer three things and a bonus fourth. Mitigating risk, whether you are an individual or a business, comes down to a few buckets of action that translate across contexts —
- understand your environment (e.g., people, their preferences and needs, assets for which you are responsible or upon which you are reliant, etc.)
- understand risks to your environment
- take action to manage risks based on their relevance to your environment and your priorities
- have a backup plan when something unexpected happens
What does #BeCyberSmart mean to you?
Knowledge is power. Taking a few steps to arm yourself with information about online safety can make a difference, and not just in the digital world.
What is your favorite thing about working at NIST?
NIST’s culture of excellence permeates everything we do in a palpable way. It is motivating to be surrounded by so many people who care deeply about their work and each other. That aspect of our culture has undoubtedly contributed to the cybersecurity program’s five-decade track record of impactful and relevant work.
