Ten Tips for Stronger Passwords

Did You Know...?

  • That stolen login credentials are the number one security threat for most organizations?
  • That the twenty-five most common passwords include: password, monkey, abc123, dragon, baseball, and qwerty?
  • That two out of every three users have one or two different passwords, but at least twenty-five different accounts?

We keep more and more information online.  Not just for work, but also in our personal lives--bank accounts, credit card records, mortgages, and family photographs.  For work, we keep payroll and student records and personnel folders.  Cloud services--where all your information is stored online rather than on your desktop or laptop computer--are becoming more common.  In many ways online cloud security is better than your personal security on your laptop or desktop.  But it's also only as good as your password.

Here are ten tips for creating stronger passwords:

  1. DON'T SHARE PASSWORDS.  If you only take one precaution, this is the one to take.  DON'T SHARE YOUR PASSWORDS.  With anyone.  Don't share them with your coworkers.  Don't share them online.  Don't share them in emails.  Ideally, if you bring your computer in for someone to work on and they need to access your account, you should change your password before you bring it in and change it again when you take it back.  Once you share your password, your account is compromised.  You no longer know when your account is used, who's using it, or what they're doing.
  2. Use different passwords for different accounts.  It's really tempting to pick one strong password and use it everywhere, but what happens if someone finds out that one password?  If it's the only one you use, they now have access to all your accounts: your bank records, your email, everything.
  3. Use passphrases when you can--or use a passphrase to create a shorter password (for example: "Four score and seven years ago" could be condensed to "4score7yrsa0").  Passphrases are among the most difficult passwords to crack.  They can also be easy for you to remember.  Passphrases can be things that are meaningful only to you (for example: "Bobby is 12 yo on 27 June").
  4. Make sure your password isn't on the top 25 most common passwords list.
  5. Change your passwords often.  You should change your passwords at least every six months if not more frequently.  You should also not reuse a password more often than once a year.
  6. Use a password generator.  If you want a good, secure, random password, one approach is to use a password generator.  You can find good password generators here and here.
  7. Use two-step authentication where possible.  Some organizations have moved to two-step authentication.  You can, for example, opt to use two-step authentication for Google mail.  What this means is that in addition to your password, you will receive a code sent to your phone as a text message, a voice message, or via mobile app.  This is generally only done once on each computer (or browser) that you sign in on.  Many banks have also gone to two-step verification.
  8. Use shorthand, misspellings, random spaces (if allowed), or character substitutions for letters.  Sometimes you can't use a passphrase because the login doesn't allow spaces or doesn't allow more than a certain number of characters.  Instead you could use the first letter and the numbers in your passphrase (for example: "Bobby is 12 yo on 27 June" could be "bi12yo27" or "B0bbyis!12on27Jun").  Be creative.
  9. Create a password that's hard for others to guess.  And, ideally, easy for you to remember.
  10. If you must write them down, make sure they're stored securely.  In other words, don't write them down on a piece of paper and store them in your desk drawer.  Options include an encrypted file, an encrypted USB drive, or a password safe.  Or, if you have a great memory, maybe you can just remember them!
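The passphrase advice in tips 3, 4 and 8, worked through in code (an added example, not part of the article): prefer the full passphrase, fall back to the "first letter of each word plus the numbers" shorthand when a login forbids spaces or caps the length, and refuse anything on the common-password list.  The six common passwords, the 8-character minimum, and the function names are assumptions made for this example.

```python
import re

# The six entries the article quotes from the top-25 list (tip 4).  The full
# list is not on the page, so this set is a constructed, partial stand-in.
COMMON_PASSWORDS = {"password", "monkey", "abc123", "dragon", "baseball", "qwerty"}


def condense(passphrase):
    """Tip 8: keep the first letter of every word and every whole number.

    Applied uniformly, "Bobby is 12 yo on 27 June" gives "bi12yo27j"; the
    article's own example ("bi12yo27") also drops the final word by hand.
    """
    tokens = re.findall(r"[A-Za-z]+|[0-9]+", passphrase)
    return "".join(t if t.isdigit() else t[0].lower() for t in tokens)


def fits(candidate, max_length, allow_spaces):
    """Does the candidate satisfy the login form's length and space rules?"""
    if not allow_spaces and " " in candidate:
        return False
    if max_length is not None and len(candidate) > max_length:
        return False
    return True


def choose_password(passphrase, max_length=None, allow_spaces=True):
    """Tip 3 first, tip 8 as the fallback, tip 4 as a hard stop.

    The 8-character floor is chosen for this example; the article states no
    minimum length.
    """
    for candidate in (passphrase, condense(passphrase)):
        if not fits(candidate, max_length, allow_spaces):
            continue  # try the shorter, space-free form instead
        if candidate.lower() in COMMON_PASSWORDS:
            raise ValueError("%r is a well-known password" % candidate)
        if len(candidate) < 8:
            raise ValueError("%r is too short to be useful" % candidate)
        return candidate
    raise ValueError("neither the passphrase nor its condensed form fits")


if __name__ == "__main__":
    print(choose_password("Bobby is 12 yo on 27 June"))
    print(choose_password("Bobby is 12 yo on 27 June", max_length=12, allow_spaces=False))
```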