Lesson 3: Password Management and Access Control

📚 Introduction

Passwords are your company’s first line of defense. Weak passwords, reused passwords, and insecure login methods are a gift to hackers.

This lesson will teach you:

  • How to create strong passwords
  • How to store and manage them safely
  • Why two-factor authentication (2FA) is essential
  • Why Authenticator apps and physical security keys are the best options

How to Create Strong Passwords

  • Minimum of 12 characters.
  • Must include uppercase, lowercase, numbers, and special symbols.
  • Never use personal information like birthdates, names, or favorite sports teams.
  • Avoid common words or simple patterns like “Password123” or “qwerty.”

Why You Must Never Reuse Passwords

  • If one account is hacked, reused passwords will open the door to your other accounts.
  • Hackers use password databases from past leaks to try old passwords on new platforms.
  • Always use a unique password for every system.

How to Manage Passwords Safely

  • Use a reputable password manager (like LastPass, 1Password, Dashlane, or Bitwarden).
  • Password managers can:
    • Create strong, random passwords for you.
    • Save all your login details securely.
    • Fill in passwords automatically, avoiding manual typing mistakes.
  • Never write your passwords in notebooks, Excel files, or sticky notes.

Two-Factor Authentication (2FA) Must Be Enabled

Passwords alone are no longer enough. Two-factor authentication adds a second layer of protection.

Common 2FA Types:

  1. SMS Codes (Weakest)
    • Can be intercepted or bypassed using SIM-swapping.
  2. Email Verification Codes (Weak)
    • If your email is hacked, the attacker can access everything.
  3. Authenticator Apps (Highly Recommended)
    • Apps like Google Authenticator, Microsoft Authenticator, or Authy.
    • They generate time-based codes that change every 30 seconds.
    • The codes work even if your phone is offline.
    • Much safer than SMS or email.

Advantages of Authenticator Apps:

  • Harder to steal.
  • Not vulnerable to SIM-swapping.
  • Work independently of the mobile network.

Tip:

Install the Authenticator app on your smartphone.
When setting up 2FA, always choose the “Authenticator App” option instead of SMS when available.


Physical Security Keys (Maximum Security)

  • Devices like YubiKey or Google Titan Security Key.
  • You plug them into your computer or tap them via NFC on your phone.
  • They provide extremely strong, physical protection.
  • Even if someone knows your password, they cannot log in without your physical key.

Advantages:

  • Almost impossible to hack remotely.
  • Extremely fast login with a single tap.
  • Recommended for company executives, administrators, or anyone with access to sensitive data.

What You Must Never Do

  • Never share your passwords by email or chat.
  • Never store passwords in your browser without a password manager.
  • Never disable 2FA for convenience.

Summary: Your Password and Access Checklist

✔️ Use unique, strong passwords for every account.
✔️ Always use a password manager.
✔️ Enable two-factor authentication on all accounts.
✔️ Prefer Authenticator apps over SMS.
✔️ Use physical security keys if available.
✔️ Never share or write down your passwords.


Time to Test Your Knowledge!

Let’s see if you’ve mastered password security and access control.

✔️ The quiz will give you instant feedback.
✔️ You can retake the quiz as needed.

👉 Good luck! Let’s begin.


#1. What is the minimum recommended length for a strong password?

#2. Which of the following is a correct example of a strong password?

#3. Why should you never reuse the same password on different accounts?

#4. What is the safest way to store and manage your passwords?

#5. What is one advantage of using a password manager?

#6. Which is the most secure type of two-factor authentication?

#7. What is the key advantage of using an Authenticator app like Google Authenticator?

#8. What is a physical security key?

#9. What is the biggest security risk when using SMS as your second authentication step?

#10. What should you never do with your passwords?
