Password Best Practices

Passwords are ubiquitous these days and choosing ones that are hard to guess and easy to remember is challenging. The following tips will help make your digital life more secure.

Don’t share your passwords with anyone. Even if someone is claiming to help you, it is probably a scam. IT departments and customer service representatives know not to ask customers for passwords. If you did share a password, change it as soon as possible.

Don’t use the same password for your accounts. If hackers guess your password, you can be sure they will try it on your other accounts.

If possible, use two-factor authentication.  Two-factor authentication adds another layer of security to your account. Even if someone successfully hacks your password, he or she still needs to have access to a token that is sent to your mobile device. Read more about two factor authentication and how to enable it on many popular websites here: https://www.turnon2fa.com/.

Create long passwords. Use at least 16 characters if possible.

Passwords should be easy to remember but hard to guess.

  • Try to use sentences or phrases.  Avoid single words, or a word preceded or followed by a single number. Hackers use databases of words to guess passwords.
  • Don’t use birthdays, home addresses, or the names of your significant others. Hackers mine social media accounts for password clues.

Make your password complex.  Use upper and lower case letters, numbers, and special characters. Try to have at least one of each of these in your password.

Don’t create a document on your computer with all your passwords. Hackers can easily search hard drives for password information if they get access to your computer or mobile device.

Use a password manager. Password managers store your passwords securely and allow for extremely complex passwords which you do not need to remember. Typically, you have one master password that you need to access your entire collection of passwords. Make sure you can access them across multiple devices. If you use a password manager on a school computer, make sure to sign out before you finish. Here are some examples of free password managers: