An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Home : News : News
NEWS | Oct. 18, 2023

National Cybersecurity Awareness Month: Using strong passwords

Defense Contract Management Agency

The Defense Contract Management Agency’s Information Technology Cybersecurity team champions Cybersecurity Awareness Month, or CSAM, to ensure good cyber habits. As our online lives expand, the average user has gone from having just a few passwords to now managing upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. 

CSAM Week Two focuses on the importance of using strong passwords.

DCMA Cybersecurity Tips and Advice

Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be cracked by computer hackers. Strong passwords are one of the easiest ways to protect accounts from compromise and reduce the risk of someone stealing sensitive information, data, money or even your identity.

Tips for Strengthening Your Passwords

  • Longer is stronger: Passwords with at least 16 characters are hardest to crack.
  • Hard to guess: Use a random string of mixed-case letters, numbers and symbols. If you need to memorize a password, create a memorable passphrase of five to seven unrelated words. Get creative with spelling and add numbers or symbols.
  • One of a kind: Use a unique password for each account. When using passwords for DCMA accounts, remember that Department of Defense policy mandates the use of strong passwords. The minimum password length is 15 characters. The minimum password complexity when not using DoD public key infrastructure, or PKI, is at least one lowercase letter, one uppercase letter, one number and one special character.

Additional Password Creation Tips

  • Use different passwords for different accounts.
  • Develop mnemonics to help remember complex passwords.
  • Do not use passwords based on personal information or that can be easily accessed or guessed by a quick search on social networking sites.
  • Avoid repetitive or sequential characters.     
  • Consider using the longest password or passphrase permissible.
  • Do not use words that can be found in any dictionary of any language.

According to the National Cybersecurity Alliance:

  • Only 33% of individuals create unique passwords for all accounts.
  • Only 18% of individuals use password managers for personal accounts.

There is no guarantee these techniques will prevent an attacker from learning your password, but they will make it more difficult for a threat actor to gain access to your information.

For more information about passwords and other cybersecurity topics, visit the Cybersecurity and Infrastructure Security Agency website or the Cybersecurity Awareness Month webpage on DCMA 365 (employee login required).