Password Best Practices

Usually not a day goes by where we do not see at least one client machine with a password written on a post-it note or labeled to the bottom a keyboard. While never a good idea these practices are potentially far more harmful than the user suspects. 

The reason for this is that a significant number of people still use one or a few passwords for multiple sites. So by basically making your password available to the office you could be making the password to your banking or online shopping sites available as well. (Adding a few numbers to the end does not make it a “new” password either!)

A few suggestions for better password security:

• Don’t write down your passwords. You would be surprised to find out how many networks have been compromised because of passwords that were written down. If you must write your passwords down, either because they are difficult to remember or change frequently, make sure you keep the list in a very secure place.
• Don’t use plain words for passwords. If it’s in the dictionary, it’s not a password. Crackers can use software that automatically tries every word in a dictionary file. If you use a plain word, such as horse, they can easily crack it.
• Don’t use personal information as passwords. In the modern world of social media someone can easily acquire the names of friends, kids, pets, and other personal information.
• Consider using computer-generated passwords that consist of random strings of letters and numbers. These are harder to remember, but they are more secure.
• Never tell someone your password over the phone. Companies never contact their customers and ask for passwords over the phone.
• Change your passwords periodically.  Monthly or as often as you can.
• Finally consider a password manager such as LastPass or OnePassword.  These allow you to use incredibly complex passwords without the burden of needing to remember each and every one.