Passwords are the first line of defense against unauthorized access to your devices and accounts. It is essential to have strong passwords that are not easy to guess or crack to protect your personal information from hackers and malicious software. Always remember, the stronger your password the more protected you are!
ACLED asks all team members to use strong passwords for their devices and accounts to help protect ACLED's information security.
The key to remember is that passwords should be long, strong, and complex. ACLED requests all team members use the following best practices when creating passwords:
Use a long string of at least 15 characters; the longer the better!
Use different types of characters including capital and small letters, numbers and symbols!
High level of randomness - don't use sequential letters and numbers and avoid common substitutions such as replacing the letter "O" with the number "0" or "a" with "@"!
Create a unique password - do not use the same password for different accounts and do not reuse passwords previously used for the same account! Using the same passwords across the board means if one account is broken into, another break-in is sure to follow.
Don’t use common or easy-to-guess words/phrases - e.g. "ACLED", “conflict”, "data", “2022”!
Don't use personal information - e.g. your name, address, position, birthday, names of pets or family members!
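The rules in the list above can be expressed as an automated check. The following is an added example, not ACLED's own tooling; the function names, the substitution pairs beyond "0" and "@", the run length of three, and the sample passwords are assumptions made for illustration.

```python
# Banned words are the page's own examples; extend the tuple for your organisation.
COMMON_WORDS = ("acled", "conflict", "data", "2022")
# Undo the "common substitutions" the page warns about ("0" for "O", "@" for "a").
# The other pairs are well-known substitutions added here as an assumption.
UNSUBSTITUTE = str.maketrans({"0": "o", "@": "a", "1": "i", "3": "e", "$": "s", "5": "s"})

def has_sequence(pw, run=3):
    """True if pw contains `run` ascending or descending letters/digits (abc, 321)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        window = low[i:i + run]
        steps = {ord(window[j + 1]) - ord(window[j]) for j in range(run - 1)}
        if steps in ({1}, {-1}) and window.isalnum():
            return True
    return False

def check_password(pw):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    classes = {
        "capital letter": any(c.isupper() for c in pw),
        "small letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if has_sequence(pw):
        problems.append("contains sequential letters or numbers")
    lowered = pw.lower()
    normalized = lowered.translate(UNSUBSTITUTE)  # "c0nfl1ct" becomes "conflict"
    for word in COMMON_WORDS:
        # Check the raw form too, so that "2022" is not hidden by the 0 -> o mapping.
        if word in lowered or word in normalized:
            problems.append(f"contains common word '{word}'")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ("abc123", "C0nfl1ct-D@ta-2022!", "vT#9qLr!Zu4&mKe@8Wd"):
        print(sample, "->", check_password(sample) or "OK")
```

The second sample is long and uses all four character types, yet it still fails, because undoing the substitutions reveals the common words underneath.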
Creating strong passwords can be a challenging and at times frustrating task. A good rule of thumb is: You only ever have to remember around 4 passwords for the 4 most important devices/accounts; all other passwords can be randomized!
The 4 passwords you should be able to remember are the passwords for:
Your devices (endpoint and mobile) - i.e. the full disk encryption password (e.g. BitLocker and FileVault). In most cases the user account password is also used to decrypt your device, so this password may not be needed in your case. For mobile phones the user password decrypts the device.
Your administrator and/or standard user device accounts
Your password manager to unlock the data (e.g. LastPass)
Your email account(s) especially the account connected to your password manager
There are many tips and tricks for manually creating a strong, complex, and memorable password. The best method is to start with a base in the form of a phrase/saying/lyric or 3-6 random and unrelated words and then play around with it to increase the complexity. Here are some ideas:
Replace every vowel with the next one in the alphabet.
Shorten each word by cutting the first 2 letters.
Capitalize a random letter in each word.
Create your own code and replace some letters with symbols or numbers.
To create randomized passwords, you can simply type out a long string of at least 15 characters including upper and lower case letters, numbers, and symbols. To make it even easier, you can use LastPass to recommend secure passwords for you.
The most secure way of sharing passwords is using an encrypted online password sharing platform such as LastPass. All ACLED passwords are shared with team members using LastPass. If you have a free LastPass account, you can share every password with one person each. If for some reason you cannot make use of a password sharing platform, try sharing passwords over an encrypted messaging service like Signal or WhatsApp and turn on disappearing messages. Always avoid using the word "password" in a message when sharing.
Do not send passwords for any ACLED accounts (and ideally also not for your personal accounts) via insecure messaging services including Facebook or Slack. Email and SMS are generally also considered insecure unless you have implemented specialized encryption.
If you want to know more about password security, we highly recommend that you check out ACLED's Password Security Training, recorded by Richard Tyran, an information security consultant working with Open Briefing.
You might also find this article by NordPass interesting and helpful.
If you have any further questions regarding digital security or this page, please reach out to ACLED’s Operation team (operations@acleddata.com).
Further readings: