TrainACE - IT and Cybersecurity Training Blog

The Do's and Don'ts of Passwords

Nov 6, 2016 7:14:46 PM / by Ariana Ciancio

Take a moment to think about the array of passwords you have created over time. It’s very likely that you have so many passwords that you can’t possibly remember them all, or, on the other hand, you could be someone who uses the same password for all of your login credentials. Either way, your passwords could be putting your online security at risk. These days, just about every system that stores data requires a password. It is the first barrier between a hacker and sensitive information. When creating passwords, there are several rules you should follow in order to keep stored information secure. Here are a few helpful do's and don'ts for proper password management.

Don'ts!

Don't use the same password on multiple accounts

If an intruder manages to gain access to one of your accounts, there's a strong possibility that they will try the same credentials on your other accounts. The results can be disastrous if the passwords are the same. So, play it safe and add variety to your passwords!

Don't use easy to guess passwords 

For the sake of ease, many users fall into the trap of creating simple passwords. A recent leak of Google credentials onto a Russian website showed that many people were using surprisingly easy-to-guess passwords. Some of the most common poor choices included: “password”, “12345”, “qwerty”, “welcome”, and “abc123”.

Don't use personal details in your passwords 

As much as one would like to believe that personal details are 'personal', they may not be. Using your social security number (even if it's only the last 4 digits) or a birth date to create a password can leave you more vulnerable than you think. If your attacker is someone you know, it is quite common for them to guess that you use a combination of a spouse's or child's name for your login. The best practice is to keep your credentials random.

Don't store passwords in the browser 

Passwords stored in the browser present major security issues. If someone (other than yourself) has access to your device, getting into your saved accounts is effortless. The browser does all the work. What's even scarier is that the passwords are retrievable. With a few simple steps, that intruder could have a detailed list of all your saved credentials.

Don't keep a written log of passwords 

It's way too risky. If you were to misplace that log, whoever finds it will have access to everything written in it.

Do's

Do create passwords that are 8 characters or longer 

The longer a password is, the longer it takes to guess it.

Do create unique passwords 

Passwords that contain a combination of letters (uppercase and lowercase), numbers, and symbols are far more difficult to guess.

Do make it easy to remember 

You don't have to make a password so complex that you're constantly resetting it. A great technique for creating a new password is to base it on your personal preferences.

Example: I love sports.
New password: *il0v3sp0rts*

As long as you can remember the phrase, you can remember the password.

Do use a password manager if you're tempted to write it down 

If you're managing multiple passwords, there are several high-quality password managers on the market. LastPass, 1Password and KeePass are three of the most popular systems. If you're going to utilize a password manager, here are several things to look for:

  • It generates passwords for you to use
  • It diagnoses current passwords for weaknesses
  • It encrypts login credentials
  • The password manager is protected from unauthorized users
  • It has a time-out feature if you leave your computer idle for a period of time
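
The weakness check a password manager performs can be sketched against this article's own rules (length, character mix, common passwords, personal details, reuse). This is an added example, not code from the article or from any of the products named above; the function names, account names, passwords and personal details are constructed for illustration.

```python
import re

# The common poor choices quoted earlier in this article.
COMMON_PASSWORDS = {"password", "12345", "qwerty", "welcome", "abc123"}
# Undo typical symbol-for-letter swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(text):
    return text.lower().translate(LEET)

def audit_passwords(accounts, personal_details=()):
    """Return {account: [findings]}; an empty list means no rule was broken."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    findings = {}
    for name, pw in accounts.items():
        issues = []
        if len(pw) < 8:
            issues.append("shorter than 8 characters")
        classes = sum(bool(re.search(p, pw))
                      for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"))
        if classes < 4:
            issues.append("lacks mixed character types")
        if pw.lower() in COMMON_PASSWORDS or normalize(pw) in COMMON_PASSWORDS:
            issues.append("common password")
        if any(d and normalize(d) in normalize(pw) for d in personal_details):
            issues.append("contains personal detail")
        if len(owners[pw]) > 1:
            issues.append("reused on another account")
        findings[name] = issues
    return findings

# Constructed sample data: every account, password and detail here is made up.
SAMPLE_ACCOUNTS = {
    "email": "P@ssw0rd",
    "bank": "Tr4il-Mix!Cedar92",
    "forum": "Tr4il-Mix!Cedar92",
    "shop": "Ava2011!",
    "gym": "qwerty",
}
SAMPLE_DETAILS = ["Ava", "2011"]  # e.g. a child's name and birth year

if __name__ == "__main__":
    # Report findings per account without echoing the passwords themselves.
    for account, issues in audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_DETAILS).items():
        print(account, "->", ", ".join(issues) or "no findings")
```

Note that "P@ssw0rd" and "Ava2011!" pass the length and character-mix rules and are caught only by the common-password and personal-detail checks.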

A data breach can spell disaster for any company. As long as you follow these tips, you will greatly reduce your chances of being hacked.
