Password Security Guidebook

Click here to connect with the team

We live in an era where nearly every aspect of our lives involves online accounts – from banking and shopping to social media and streaming services. With so much sensitive information stored across countless websites and apps, having a rock-solid password strategy is more crucial than ever before.

Let’s be honest, remembering countless complex passwords is a nightmare. Many of us resort to using the same simple passwords across multiple accounts, putting our digital lives at risk. Data breaches have become alarmingly common, with personal details and login credentials being leaked en masse.
In this comprehensive guide, we’ll dive deep into the world of password management, exploring techniques to fortify your online security without sacrificing convenience. From understanding the anatomy of a strong password to leveraging password manager tools, we’ve got you covered. And for those who’ve fallen victim to data breaches, we’ll show you how to check if your email accounts have been pawned and steps/ tools to help you emerge.

Protecting your digital identity has never been more paramount. Join us as we embark on this journey to bulletproof your passwords and safeguard your online presence. Let’s get started!

The Invaluable “Have I Been Pwned” Service

Let’s talk about a brilliant website that should be in every individual’s and business’s cybersecurity toolkit – “Have I Been Pwned?” Now, you might be wondering, “What does ‘pwned’ even mean?”

Well, in hacker lingo, it refers to having your credentials compromised and accounts taken over.

This nifty service was created by the Aussie web security expert Troy Hunt. He’s dedicated his career to educating people about online vulnerabilities and data breaches. The “Have I Been Pwned” website allows you to check if your email address has been caught up in any known data breaches.

Here’s how it works: you simply enter your email address, and the site cross-references it against Hunt’s ever-expanding database of leaked login credentials from major cyber attacks and data dumps. If your address pops up, you’ll know your details have been “pawned” or exposed in a breach.


Now, you might think, “Why should I care if some old password got leaked?” Here’s the thing – cybercriminals often trade and reuse compromised login details to attempt accessing other accounts where people have reused passwords. It’s a vicious cycle that puts your online identity at constant

This free service is an absolute must for individuals looking to stay on top of their digital security hygiene. But it’s also a godsend for small and medium businesses trying to protect their systems and customer data from cyber threats on a limited budget.

By regularly checking if company email addresses have been caught up in any newly reported data breaches, SMBs can rapidly respond by resetting exposed passwords and tightening security protocols. It’s a simple step that could prevent a costly and reputation-damaging cyber attack.

So there you have it – “Have I Been Pwned” is a powerful tool that everyone should leverage to keep their online accounts secure and cyber-criminals at bay. As the old saying goes, “An ounce of prevention is worth a pound of cure!”

Have I Been Pwned: Check if your email has been compromised in a data breach

The Password Strength Tester from Services Victoria - Your Gatekeeper to Solid Credentials

When it comes to online security, one of the most fundamental yet often overlooked aspects is password strength. We’ve all been guilty of using easily guessable passwords like “password123” or reusing the same weak credentials across multiple accounts. But in today’s cyber-threat landscape, that’s just asking for trouble.

Thankfully, the wonderful folks at Services Victoria have our backs with their brilliant Password
Strength Tester tool. This nifty website allows you to analyse just how secure your current passwords really are and whether they’ve been compromised in any known data breaches.
Let me break it down for you. Upon entering your password, the strength tester assesses factors like length, complexity, and predictability to give you a score out of 100. Anything below 60 is considered weak and ripe for cracking by opportunistic hackers.

But here’s the real kicker – the service also cross-checks your password against a mammoth database of over 500 million leaked credentials from major cyber incidents worldwide. If your password pops up, you’ll know it’s officially been “pawned” and needs changing asap across all your online accounts. For the average individual, this tool is an easy way to fortify your digital identity and develop better password habits. But it’s an absolute must for small and medium businesses looking to bulletproof their cybersecurity.

Think about it – employees often use laughably weak passwords that leave company systems and sensitive data extremely vulnerable. By running regular password health checks, SMBs can identify and mitigate these glaring risks before cyber criminals strike. The best part? This service is completely free to use, thanks to the amazing digital services team at Services Victoria. They’re on a mission to uplift online security standards and empower all Aussies to truly lock down their digital lives. So, there you have it – a simple yet powerful tool to ensure your passwords are brawny beyond the wildest dreams of any self-respecting hacker. Why not give it a try and shore up your cyber defences today?

The Smart Way to Secure Your Logins - Password Managers and MultiFactor Authentication

Let’s be honest, remembering dozens of unique, complex passwords for all your online accounts is nothing short of a nightmare. You could write them down, but that’s about as secure as leaving your front door wide open. Reusing the same password across multiple sites? Well, you might as well hang a “Hack Me” sign from your computer.

This is where password managers such as LastPass come into play. These genius apps generate bulletproof passwords for you and store them in an encrypted vault. That way, you only need to remember one ultra-secure master password to access the rest.

But why should you bother using one of these handy tools? For starters, they’ll put an end to that crippling fear of forgetting logins and having to reset passwords every five minutes. More importantly, unique passwords for each account mean if one gets compromised, the others remain secure.

Password managers are an absolute must for busy individuals juggling a gazillion online accounts and businesses looking to batten down the hatches on cybersecurity. Can you imagine having to update employee passwords manually across every single system after a breach? Just thinking about the
logistical headache gives me shivers!

Of course, password managers are just one piece of the online security puzzle. To really lock things down, it’s essential to enable multi-factor authentication (MFA) wherever possible. MFA throws an extra layer of protection into the mix by requiring a one-time code from a separate
app or device to access an account, even if your password is compromised.

Sort of like a high-tech lock and a sneaky little guard dog keeping cyber-burglars at bay. For individuals, MFA prevents fraudsters from hijacking your logins and draining bank accounts. For businesses, it safeguards corporate data, finances and customer records from breaches that could lead to crippling regulatory fines and loss of consumer trust.

So, what are you waiting for?

Implement these two vital security measures right away and breathe a sigh of relief knowing your digital world is truly locked up tighter than a bull’s you-know-what!

There are quite a few popular password manager options available, both free and paid. Here are some of the most widely used ones:

1. LastPass One of the most well-known and feature-rich password managers. It has free and premium versions, supports multiple devices/platforms, and provides secure password sharing.

2. 1Password A premium password manager with excellent security features like travel mode and data breach monitoring. It’s user-friendly and compatible across devices.

3. Bitwarden An open-source password manager that’s free for individual use. It’s highly secure, cross-platform, and has quality audits/reviews.

4. KeePass A free, open-source, and lightweight password manager that’s very customisable. It’s platform-independent but can be less user-friendly.

5. Dashlane A premium option with a sleek interface and features like VPN, dark web monitoring, and secure online accounts backup.

6. RoboForm Long-standing paid password manager with form-filling capabilities and platform compatibility.

7. Keeper Business-focused but has consumer plans too. Provides secure record-sharing, messaging, and administrative controls.

8. Enpass Cross-platform and offline password manager with cloud options, fingerprint access on mobile.

Some other notable ones include NordPass, LogMeOnce, True Key, Zoho Vault, and password managers built into web browsers like Chrome, Firefox, Safari etc. The ideal choice depends on one’s budget, device ecosystem, and specific security/sharing needs.

Despite the Breaches - MFA is Your Safety Net

Now, before you get cold feet about using password managers, hear me out. Yes, even the big players like LastPass have fallen victim to cyber-attacks in recent years, with encrypted vault data being accessed by malicious hackers.

But here’s the crucial bit – while such breaches are certainly alarming, they’re not catastrophic if you have multi-factor authentication enabled as well. You see, MFA ensures that even if your encrypted password vault is compromised, cyber criminals can’t actually use those login credentials without also accessing your separate authentication app or device.

 It’s a bit like having a safe within a safe. The password manager is the outer vault holding your logins, while MFA acts as a secondary lockbox requiring a unique key to access that data. Hackers may crack the first safe, but good luck busting into that second fortified chamber!


For businesses, the double-whammy of password manager and MFA is an absolute must in the event of a supply chain attack impacting a provider like LastPass. Corporations can rapidly reset affected master passwords across their workforce and enforce strong MFA policies on all accounts and systems.

This two-pronged security approach essentially neuters the threat posed by stolen password vaults being sold on dark web markets or used in further cyber attacks. Without that crucial second authentication factor, your business Data remains locked down tight.

There are several multi-factor authentication (MFA) tools and methods available for businesses and individuals to enhance their account security. Here are some of the most popular options:

  1. Authenticator Apps These are mobile apps that generate time-based one-time passwords (OTPs) or security codes. Some widely used authenticator apps include:
    • Google Authenticator
    • Microsoft Authenticator
    • Authy
    • Duo Mobile
    • LastPass Authenticator
  2. SMS/Voice Calls Many services offer MFA via SMS or voice calls, sending a one-time code to your registered mobile number. However, this method is considered less secure than App based authenticators.
  3. Hardware Security Keys Physical security keys like YubiKey, Google Titan Key, or keys supporting FIDO standards provide a very robust form of MFA. They connect via USB, NFC, or Bluetooth.
  4. Biometric MFA Using biometric factors like fingerprints, facial recognition, or iris scans as the second authentication factor. Examples include Windows Hello, Touch ID on Apple devices.
  5. Push Notifications Apps like Duo Push, Microsoft Authenticator, and Okta Verify can send push notifications to your device for authentication approval.
  6. One-Time Password (OTP) Tokens Small hardware devices that display a new code every 30- 60 seconds to use as a second factor. Examples include RSA SecurID tokens.
  7. Smart Cards/CAC Cards Businesses, government agencies use smart cards/CAC cards with embedded certificates as an MFA method.
  8. Soft Tokens Software-based OTP generators like Google Authenticator can act as soft token apps on mobiles or desktops.

The choice depends on factors like user-friendliness, compatibility with existing systems, security requirements, and cost for businesses. Many organisations deploy a combination of methods for flexibility.

Of course, no cybersecurity measure is 100% bulletproof – that’s why defensive experts always preach layering multiple safeguards. But when used together, password managers and multi-factor
authentication (particularly when using separate platforms) create an incredibly robust access control system that thwarts even the most determined hackers and cyber criminals.

So don’t be put off by the odd high-profile breach. Adopt these complementary technologies today and sleep soundly knowing your logins are forged from steel and secured with the toughest locks
money can buy!