Password Best Practices

Passwords/Passphrases

Passwords/passphrases give you access to work and personal accounts. Because passwords are the gateway to work and personal data, they need to be strong. Passwords should be easy to remember but hard to guess, which sometimes sounds impossible. Passphrases are better than passwords, because they are typically longer and easier to remember.

How to create a passphrase

Combine three or four random (must be truly random) words and put them together to create a passphrase. The key word here is random. The words that you choose shouldn't have any relationship to one another, other than you choosing them for your passphrase. The reason? Common phrases, like titles of books or song lyrics, are often tried first by criminals seeking to break your password. Additionally, don't just look for a single long word found in the dictionary, because criminals try those too.

* "boat-tree-calendar" (combine some random words)
* "Boat.tree.calendar13" (you can add some symbols/numbers/spaces/uppercase to add complexity)

Some things to remember about passwords/passphrases:

* Length is better than complexity. A 15-character password is much more secure than a 10-character complex password that includes numbers/spaces/symbols/uppercase/lowercase.
* Better passphrases will include at least one number, at least one capital letter, and at least one symbol.
* If you are limited in the number of characters in your password/passphrase, use the maximum number of characters and add complexity.
* Use different passphrases for different accounts.
* Never use the same passphrase for work or bank accounts that you use for personal accounts like Facebook or Twitter.
* Never share your passphrase with anyone else. If you have shared it, then change it.
* Never use a public computer to log into a work or bank account.
* Be careful of the information you enter as a Security Question to help you reset a password. Make sure it's private information that is not readily available on the Internet or on your Facebook page.
* Don't write your passphrase down.
* Since passwords/passphrases are the weakest form of authentication, for those services that support it, two-factor authentication is highly recommended. Two-factor authentication adds an extra layer of security by asking for an extra component of identification on top of just your passphrase.
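People are poor at picking unrelated words by hand, so the following added example (not part of the original article) draws the words with the operating system's cryptographic random generator and puts numbers on the "length is better than complexity" point. The function names and the 24-word list are constructed for this illustration; the entropy figures assume every word or character is chosen at random.

```python
import math
import secrets

# Constructed demo word list. For real use, load a list of thousands of words
# (the EFF long list has 7,776) so that each word adds more entropy.
WORDS = ("boat tree calendar window anchor pepper violin glacier magnet "
         "lantern orbit saddle thimble walnut zipper canyon feather hammer "
         "jungle kettle marble napkin pillow radish").split()


def generate_passphrase(words=WORDS, count=4, sep="-", decorate=False):
    """Draw `count` words independently from the OS CSPRNG and join them."""
    if count < 3:
        raise ValueError("use at least three words")
    chosen = [secrets.choice(words) for _ in range(count)]
    suffix = ""
    if decorate:
        # For sites that require mixed character classes: capitalise one
        # randomly chosen word and append two random digits.
        i = secrets.randbelow(count)
        chosen[i] = chosen[i].capitalize()
        suffix = f"{secrets.randbelow(100):02d}"
    return sep.join(chosen) + suffix


def passphrase_entropy_bits(list_size, count):
    """Bits of entropy when each word is a uniform, independent draw."""
    return count * math.log2(list_size)


def random_string_entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random string over an alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_passphrase())
    print(generate_passphrase(sep=".", decorate=True))
    print(f"4 words from this 24-word demo list: "
          f"{passphrase_entropy_bits(len(WORDS), 4):.1f} bits")
    print(f"4 words from a 7,776-word list: "
          f"{passphrase_entropy_bits(7776, 4):.1f} bits")
    # Length versus complexity: 15 random lowercase letters against
    # 10 random characters drawn from the 95 printable ASCII characters.
    print(f"15 lowercase: {random_string_entropy_bits(26, 15):.1f} bits")
    print(f"10 printable: {random_string_entropy_bits(95, 10):.1f} bits")
```

The small demo list gives only about 18 bits for four words, which is why the size of the word list matters as much as the number of words.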

Use a Password Manager

Because so many of us have so many different accounts (work, bank, credit card, social networking, etc.), we tend to use the same password for all of our accounts. Ideally, we want to have a unique password for each account, but due to the large number of accounts, from a practical standpoint, that is very difficult. There are password applications that can help us keep track of all of our passwords. There are even some online services that do the same. Some good free applications include KeePass, 1Password, and LastPass. You use a single master password to access your password vault, where you store all of your account usernames and passwords. But make sure that your master password is strong and only known by you.
