Why Passwords Matter More Than You Think
Your passwords are the keys to your digital life. They unlock everything from bank accounts to private messages, yet many people still use weak combinations like “123456” or “password”, making a hacker’s job effortless. A strong password acts as the first and often most critical line of defense against unauthorized access. The problem isn’t just weak passwords; it’s also password reuse. If one account gets breached, and billions have been, cybercriminals will try those same credentials everywhere else, from email to online shopping.
Building Unbreakable Passwords
A truly secure password is long, complex, and unique. Aim for at least 12 characters, mixing uppercase and lowercase letters, numbers, and symbols. Avoid obvious substitutions like p@ssw0rd or personal details like birthdays or pet names that attackers can easily guess. Instead, consider using a passphrase: a random string of words, such as ~SmoothRiver*Cactus289~, that’s easier to remember but difficult to crack. A password manager, such as Bitwarden or KeePassXC, can store and even generate complex passwords for you. These tools encrypt your credentials, requiring you to remember only one main password.
The Power of 2FA
Even the strongest password isn’t foolproof. That’s where two-factor authentication (2FA) adds a critical second layer. With 2FA, accessing your account requires not just a password, but also a secondary method such as a physical security key or a temporary code sent to your email, phone, or authenticator app. This means that even if a hacker steals your password, they can’t get in without that second factor. For high-risk accounts (banking, email, social media), always enable 2FA using an authenticator app, like Authy, rather than SMS, which can be intercepted through SIM swapping attacks.
Breaking Bad Password Habits
Many of us know the rules but still cut corners for convenience. Here’s how to change that:
Stop reusing passwords—a breach on one site shouldn’t endanger others.
Never share passwords—including with friends and family.
Update passwords periodically—especially after a data breach.
Beware of phishing—no legitimate company will ask for your password or other information via email.
Putting It Into Practice
Start today by picking three critical accounts (email, bank, and one social media profile) and upgrading their passwords to unique, complex versions. Then, enable 2FA on each. If you’re new to password managers, spend 10 minutes setting one up. It’s a game-changer for both security and convenience.
By combining strong, unique passwords with 2FA, you’ll lock out the vast majority of automated attacks. Next, we’ll explore how to protect personal information from more targeted threats. Remember: In cybersecurity, a little effort goes a long way.
Review Questions
Why are passwords important?
What are common standards for a secure password?
What can store, generate, and encrypt complex passwords and requires memorizing only a main password?
Physical security keys and temporary codes sent to email, phone, or authenticator app are examples of what security technology?
True or false: SIM swapping is not a high-priority risk.
How can users break bad password habits?