Password Guide

A Guide to Passwords

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months” – Clifford Stoll

I saw this quote which I liked. The only thing I might improve on to strengthen passwords is to change them every 30 or 45 days, not six months. That was the rule I had to abide by when I worked in the corporate world. Passwords were created randomly by the IT department, not the individual.

The basic dilemma everyone faces is whether to choose a weak password that is easy to remember or a strong password that is hard to remember. The truth is that you should stick with passwords that are at least 8 characters in length; the more characters, the better. Passwords should contain a combination of upper and lower case letters, numbers, and special characters.

Just following these rules will be a huge improvement and instantly make your passwords much stronger. If your banking website passwords don’t follow those rules, I strongly suggest that you change those passwords immediately.

Strong passwords are hard to remember. So, as part of creating a strong password, you need a reliable way of remembering it. Use a password management tool to store passwords whenever you create or change a password. One such tool is Password Dragon, a free, easy and secure password manager that works on Windows, Linux and Mac; it can also be launched from a USB drive. A second tool, which also works on iPhone and Android, is Dashlane. It has free and paid versions; the paid version of Dashlane syncs to all your devices and also backs up to the cloud. There are many free password manager tools available, so choose the one that best suits your needs.

Avoid the following in your passwords:

  1. Never use a password that is the same as, or contains part of, your username, or the names of family members, friends or pets.
  2. Never use personal information about yourself or family members. This includes generic information that can be obtained about you very easily, such as your birth date, phone number, license plate number, street name, apartment/house number, etc.
  3. Never use sequences such as consecutive letters, numbers or keyboard keys, for example abcde, 12345, or qwert.
  4. Never use dictionary words, or real words from any language, even with a number or character added in front or at the end.
  5. Never use dictionary words with number substitutions for letters, such as replacing the letter O with the number 0 as in passw0rd, including in reverse sequence or with a number in front or at the end.
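To make these rules concrete, here is an added example (not from the original post) of a small Python checker that applies them: the 8-character minimum, the character-class mix, the username and personal-information checks, and the sequence and substituted-dictionary-word checks. The wordlist and keyboard rows are constructed for the demonstration; a real check would load a full dictionary file.

```python
import string

# Constructed sample wordlist for the demonstration; load a real dictionary in practice.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}
# Common letter-for-number/symbol swaps the guide warns about (0->o, 1->l, 3->e, ...).
LEET = str.maketrans("0134@$!", "oleaasi")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains a run of consecutive letters, digits or keyboard keys,
    in either direction (abcd, 4321, qwer, ...)."""
    low = pw.lower()
    alphabets = (string.ascii_lowercase, string.digits, *KEYBOARD_ROWS)
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if any(chunk in a or chunk[::-1] in a for a in alphabets):
            return True
    return False


def dictionary_core(pw: str) -> bool:
    """Strip digits/symbols padded in front or at the end, undo the common
    substitutions, then test the core and its reverse against the wordlist."""
    core = pw.lower().strip(string.digits + string.punctuation)
    plain = core.translate(LEET)
    return any(w in DICTIONARY for w in (core, plain, core[::-1], plain[::-1]))


def check_password(pw: str, username: str = "", personal: tuple = ()) -> list:
    """Return the list of guide rules the password breaks; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if not all(classes):
        problems.append("missing upper/lower/digit/special mix")
    if username and len(username) >= 3 and username.lower() in low:
        problems.append("contains the username")
    for item in personal:  # e.g. birth year, phone number, street name
        if item and item.lower() in low:
            problems.append(f"contains personal information ({item})")
    if has_sequence(pw):
        problems.append("contains a keyboard, alphabetic or numeric sequence")
    if dictionary_core(pw):
        problems.append("is a dictionary word with padding or substitutions")
    return problems
```

Running `check_password("passw0rd")` reports both the missing character mix and the substituted dictionary word, while a random mix such as `T7#kLp!v9Qx2` passes every check.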

None of the following points is new; they are common sense. But most of the time we tend to ignore them.

  1. Create a unique password every time. Don’t use password1, password2 or repeat the previous password.
  2. Schedule a recurring appointment on your calendar to change your passwords once every 6 months.
  3. Don’t write down your password unless you put it in a lockbox.
  4. Don’t keep your password next to the computer like on a post-it note below the mouse pad or keyboard.
  5. If you want to carry your password use a password manager tool that runs from a USB stick.
  6. Don’t share your password with anyone, including friends, family and co-workers, not even your manager (except where required).
  7. Teach your kids about online safety and not sharing their passwords with anybody (except you).
  8. Never use the same password for two different websites. Avoid the temptation to create one password for all your email accounts, another for banking, and another for social networking sites.
  9. Don’t type your password when someone is looking over your shoulder; it is very easy for them to figure out your password that way.
  10. Never send your password to anybody in an email, because hackers sometimes send emails posing as a support person and ask for your user name and password. Legitimate websites or organizations will never ask you for your user name and password, either via email or over the telephone.
  11. Change your password immediately whenever you suspect it has been compromised.
  12. Don’t use the “Remember password” option in the browser.
  13. Don’t type your password on a computer that does not belong to you, especially for very sensitive websites such as banking.