Password best practices

If you have an internet-connected device, like a computer or smart appliance, you also have several passwords to remember and manage. Passwords guard the gateway to your personal and confidential information. They can be the easiest form of computer security to implement, but they can also be the weakest link in your security arsenal. How you create and manage your passwords can be the difference between being hacked and scammed or remaining secure.

Watch the video | Password best practices

Let’s look at what makes for a strong password and how you could manage the inventory of passwords under your control.

Best practices

  • Create a strong password. Passwords should have at least 12 characters and include uppercase and lowercase letters, numerals and symbols. Do not use personal information in your password, such as your name, a family member’s name or pet’s name.
  • Make a unique password for each login. It’s tempting to re-use a password; after all, how many unique passwords can one person remember? But doing so sets you up for disaster. Instead, make use of password generators and managers to develop more complex passwords and safely store them for you.
  • Don’t save usernames, passwords or credit card information in your browser, and periodically clear your offline content, cookies and history. Set up multi-factor authentication whenever possible. This could be as simple as receiving a code that you have to type in.
  • Don’t let retailers store your login and password. It’s a hassle to re-enter your login and password each time you visit your favorite online retailer, but not as big a hassle as having your personal information stolen.
  • Never share your passwords with anyone. No reputable company will contact you to ask for your password. And no matter how much you may trust your friend, you don’t know their security practices.
  • Change the passwords for your financial accounts regularly. Whether it’s every 60 days or twice a year, the important thing is to keep changing them. If you believe an account has been compromised, change its password immediately. And don’t recycle old passwords.

How to create a strong password

With a little creativity, you can create passwords that are relatively easy to remember but difficult to hack or guess. Cybersecurity experts recommend three techniques:

Make it long: One way to make a strong password is to make it long. You could use a phrase that would be easy for you to remember, but difficult for a stranger to guess. Don’t use book titles, song lyrics or common phrases. Instead, use something from your personal life. It should be at least three words long and include capital letters and at least one symbol, like an exclamation mark or question mark.

Use a coded phrase: Using a combination of letters, numbers and special symbols, you can create coded words and phrases that are meaningful to you. Consider the following:

  • 1!f8yl@Nd2!f8yC – One if by land, two if by sea
  • W!1Dg00$e(h@$e – Wild goose chase
  • $#0rtW0r)sR8e$t – Short words are best
  • 1^^4lle@rz – I’m all ears

Use a password generator: A password generator is a software tool that automatically creates random passwords. There are some excellent password generators that you can buy, but there are also free versions that may be enough for the typical home user. As always, be cautious and thoughtful about what tools you choose.
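The rules above (at least 12 characters drawn from all four character classes, no personal information, a passphrase of three or more words with capitals and a symbol, or a randomly generated password) can be written down as a small checker and generator. The following is an added example, not code from the original article or from any product it mentions; the word list is constructed for the demo and stands in for a real wordlist of several thousand entries, and the symbol set and the 16-character default length are my own choices.

```python
import math
import secrets
import string

# Added example: encodes the article's password rules; not the article's own code.
MIN_LENGTH = 12
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"   # assumed symbol set for generated passwords


def check_password(password: str, personal_info=()) -> list[str]:
    """Return the list of rules the password breaks; an empty list means it passes.

    Rules follow the article: length >= 12, upper + lower case, a numeral,
    a symbol, and no personal information (names, pets, ...) inside it.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    lowered = password.lower()
    for item in personal_info:
        item = item.strip().lower()
        # Case-insensitive substring match; very short items would match everything.
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal information: {item!r}")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG (secrets, never random) that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:  # rejection sampling: keep drawing until every character class is present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


# Constructed word list for the demo; a real list (e.g. a diceware list) has ~7,776 words.
WORDS = [
    "harbor", "velvet", "cactus", "lantern", "marble", "thunder", "pepper", "ribbon",
    "walnut", "comet", "glacier", "saddle", "timber", "orchid", "pocket", "meadow",
]


def generate_passphrase(word_count: int = 4, wordlist=WORDS) -> str:
    """Passphrase per the article: >= 3 words, capitalised, joined by '-', plus a symbol and digits.

    Example shape: Harbor-Velvet-Cactus-Lantern!42
    """
    if word_count < 3:
        raise ValueError("a passphrase should have at least three words")
    words = [secrets.choice(wordlist).capitalize() for _ in range(word_count)]
    symbol = secrets.choice("!?#$")
    number = secrets.randbelow(100)          # 0..99, zero-padded below
    return "-".join(words) + f"{symbol}{number:02d}"


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Guessing entropy of a uniformly random choice: length * log2(alphabet_size).

    Explains why 'make it long' works: each extra character (or word) adds
    log2(alphabet_size) bits, so length beats character-class tricks.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for sample in ("1!f8yl@Nd2!f8yC", "1^^4lle@rz", "Fluffy2019!!"):
        print(sample, "->", check_password(sample, personal_info=["Fluffy"]) or "ok")
    print("generated:", generate_password())
    print("passphrase:", generate_passphrase())
    print("16 random chars from 86 symbols: %.1f bits" % entropy_bits(62 + len(SYMBOLS), 16))
    print("4 words from a 7,776-word list:  %.1f bits" % entropy_bits(7776, 4))
```

The checker is deliberately strict about personal information: it matches case-insensitively anywhere inside the password, so `Fluffy2019!!` fails even though it satisfies every character-class rule. The entropy figures show the trade-off the article describes: four words from a large list give roughly the same strength as a 9-character fully random string, while being far easier to remember.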

The problem with maintaining an army of passwords – each one unique – is remembering them. You could write them all down on a piece of paper, old-school style. That’s fine as long as you keep that paper in a secure, fire-safe location and remember where it is. Or you could store a list of passwords in a plain file on your computer, but cybersecurity experts don’t recommend that: if a bad actor gets access to your computer, they will also have access to all your passwords.

Instead, security experts recommend using a password manager. Password managers – which often come bundled with password generators – will store your passwords for you. The best ones will sync your passwords across multiple devices and operating systems.

Like password generators, there are paid and free password managers. Bitwarden offers a free plan that works with almost any device and browser and offers cloud-based syncing across all supported platforms. KeePass is another free password manager. It offers an offline mode that you can use on a desktop or from a thumb drive.

If you want to pay for a password manager, you can find versions that will store your credit card information, IDs and receipts; notify you if one of your passwords has been involved in a data breach; offer two-factor authentication; and more.

Whether you choose a free manager or pay for one, the most important thing is to be password aware and follow the best practices for creating and managing your passwords. Start there and you’ll be way ahead of most cyber criminals.
