Essentials Training
Prepared for Southeastern Pneumatic
Module 3 of 3
Getting started
Security Awareness Training

Passwords, Accounts & Workplace Security

Learn how to create strong passwords, protect your work accounts, recognize manipulation tactics, and stay aware of physical security around your workspace.

~10 minutes

Why Passwords Matter

Your password is the lock on your HR portal, your email, and every other work account. If someone guesses or steals it, they can access your personal information: pay stubs, tax forms, home address, Social Security number, and bank details.

The good news: Creating a strong password doesn't have to be complicated. The best passwords are long and easy for you to remember, but hard for a computer to guess.

Creating Strong Passwords

The single most important factor in password strength is length. A long password made of simple words is much harder to crack than a short password full of symbols.

The passphrase method

Instead of a single complicated word, use a passphrase: four or more random words strung together. Pick words that create a picture in your mind so you can remember them.

Weak: Truck#22 (cracked in minutes)
Strong: purple-fish-dances-Tuesday (centuries to crack)

The short password can be guessed by automated tools in minutes. The passphrase is 26 characters and would take centuries to crack, but you can picture a purple fish dancing on a Tuesday.

How to make a good passphrase

  • Pick 4+ random words that are not related to each other or to you. Avoid your name, birthday, pet, or favorite team.
  • Make it memorable. Imagine a silly picture: "green-hammock-sings-quietly" is a green hammock singing quietly.
  • Use separators like dashes, periods, or spaces between words.
  • Aim for 16+ characters. Four average words easily reach 20+.

Examples: "bright-cactus-window-seven" (26 chars), "Monday.umbrella.runs.North" (26 chars), "coffee-ladder-orange-quiet" (26 chars). Each is long, random, and easy to picture.
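
The passphrase steps above, as an added example that is not part of the original training module: Python code that picks words with the operating system's secure random source and checks a candidate against the module's guidance (4+ words, 16+ characters, nothing personal). The word list is a small constructed sample and the function names are hypothetical.

```python
import math
import re
import secrets

# Constructed demo word list (assumption); real generators draw from a list
# of several thousand words so each word adds far more guessing work.
WORDS = ("purple fish dances tuesday green hammock sings quietly bright "
         "cactus window seven monday umbrella runs north coffee ladder "
         "orange quiet river candle marble tractor pillow anchor lantern "
         "walnut copper meadow violin thunder").split()


def make_passphrase(words=WORDS, count=4, sep="-", min_len=16):
    """Pick `count` distinct words with a secure random source."""
    if count < 4 or len(set(words)) < count:
        raise ValueError("need at least 4 words and a large enough list")
    longest = sorted((len(w) for w in set(words)), reverse=True)[:count]
    if sum(longest) + len(sep) * (count - 1) < min_len:
        raise ValueError("word list cannot reach min_len")
    while True:
        picked = [secrets.choice(words) for _ in range(count)]
        phrase = sep.join(picked)
        # Re-draw on repeated words or a result shorter than the target.
        if len(set(picked)) == count and len(phrase) >= min_len:
            return phrase


def check_passphrase(phrase, personal_terms=()):
    """Return the ways `phrase` misses the module's guidance (empty = OK)."""
    problems = []
    parts = [p for p in re.split(r"[-. ]", phrase) if p]
    if len(parts) < 4:
        problems.append("fewer than 4 words")
    if len(phrase) < 16:
        problems.append("shorter than 16 characters")
    for term in personal_terms:  # e.g. your name, pet, favorite team
        if term.lower() in phrase.lower():
            problems.append(f"contains personal term: {term}")
    return problems


def guess_bits(list_size, count):
    """Upper bound, in bits, on guessing work for `count` random picks."""
    return count * math.log2(list_size)
```

The checker only tests the visible rules; it cannot tell whether the words were chosen at random, which is why the generator uses `secrets` rather than human choice.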

Protecting Your Accounts

Never share your password

Your password is yours alone. No one at this company will ever need it, including IT, your manager, or HR. If someone asks for your password for any reason, that is a red flag.

Important: IT support can reset your password if needed. They never need to know your current one. If anyone asks for your password by phone, email, or in person, refuse and report it.

Do not reuse passwords between work accounts

Use a different password for every work system you log into. If you have a login for the HR portal, your email, and any other work application, each one should have its own unique password.

If one account is compromised and you used the same password on your other work accounts, the attacker now has access to all of them.

This applies to personal accounts too: Never use your work password on personal websites like social media or online shopping. When a large website has a data breach, attackers take those stolen passwords and try them against work systems. One breach can compromise everything if you reuse passwords.

If you think your password is compromised

  • Change it immediately. Do not wait.
  • Tell your manager or IT. They can check for suspicious activity on your account.
  • The best protection is never reusing passwords. But if you did use the same password on other accounts, change all of them right away, starting with your most sensitive accounts.

Physical Security

Shoulder surfing

Someone watching over your shoulder as you type your password or view sensitive information is called shoulder surfing. This can happen in the office, at a job site, or anywhere you use a device.

What to do: If you notice someone watching while you type a password, stop typing. Wait for them to move before continuing. Be aware of who is around you during login. Angle your screen away from foot traffic.

Lock your screen when you walk away

Always lock your screen when stepping away, even for a few minutes. On Windows, press Windows key + L to lock instantly. It takes one second and prevents anyone from accessing your accounts.

Do not write passwords down

Avoid writing passwords on sticky notes, under your keyboard, or anywhere visible at your workspace. If you need help remembering passwords, the passphrase method makes them easy to remember.

Pretexting & Social Engineering

Pretexting is when an attacker invents a believable scenario to manipulate you into giving up information, access, or taking an action you normally would not. Unlike phishing emails, pretexting can happen by phone, in person, or through any channel.

How pretexting targets you

Attackers create convincing stories designed to make you act quickly without thinking. These scenarios are crafted to feel urgent, helpful, or authoritative so you lower your guard.

Example
"This is Dave from IT. We're seeing unusual activity on your account and need to verify your identity. Can you confirm your HR portal password so I can check if your account has been compromised?"

The rule: No one at this company will ever need your password, including IT. If someone contacts you with an urgent request that involves sharing credentials, accessing a link to "verify" your account, or bypassing a normal process, stop and verify. Call IT or your manager directly using a number you already know.

Common pretexting scenarios

  • Fake IT support. Someone calls or emails claiming to be IT and needs your password or remote access to "fix" an issue.
  • Urgent requests from leadership. An email or call claiming to be from your boss asking you to buy gift cards, wire money, or bypass a normal process.
  • Vendor impersonation. A call or email from someone pretending to be a vendor asking to change payment details or requesting sensitive information.
  • Fake account alerts. A text or email saying your direct deposit failed or your benefits enrollment is expiring, with a link to "fix" it. The link leads to a fake login page that steals your credentials.

The common thread: Pretexting always relies on urgency, authority, or helpfulness to get you to act before you think. Slow down, verify, and follow normal procedures even when someone pressures you not to.

Module Summary

Here is a quick recap of what you learned in this module. Keep these points in mind as you take the quiz.

Strong passwords

Length is the most important factor. Use passphrases of 4+ random words (16+ characters). Never use your name, birthday, or company name as a password.

Account protection

Never share your password with anyone. Use a unique password for every work system. If you think a password is compromised, change it immediately and notify IT.

Physical security

Be aware of your surroundings. Lock your screen when you step away (Windows + L). Watch for shoulder surfing. Do not write passwords down.

Pretexting & social engineering

Verify before you act. No one at this company will ever ask for your password. When someone creates urgency or pressures you to skip a normal process, that is the red flag. Slow down and verify through a known channel.

You are ready: The quiz covers all four topics above. Remember: there are no trick questions. If you paid attention to the material, you will do well.

Knowledge Check

Answer all 5 questions based on what you just read.

Passing score: 80% (4 out of 5)
Question 1 of 5
Which of these passwords is the strongest?
Question 2 of 5
Someone from IT calls and says they need your password to fix a problem with your email account. What should you do?
Question 3 of 5
You use the same password for the HR portal and your work email. The HR portal suffers a data breach. What is at risk?
Question 4 of 5
What makes "coffee-ladder-orange-quiet" more secure than "C0ff33!"?
Question 5 of 5
You notice someone standing behind you watching your screen while you log into the HR portal. What should you do?