Password Best Practices
The best passwords are easy to remember, but hard to guess. So why are employees forgetting them at times? How do we get employees to adhere to good password practices and not write them down? The yellow sticky note stuck to the bottom of a keyboard is not a good practice follow.
Creating a strong password is easier than you think. Follow these simple tips to protect yourself online:
1) Make your password eight characters or longer and a combination of uppercase and lowercase letters, numbers, and symbols.
2) Use a long passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
3) Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
4) Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L”.
5) Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “kool” instead of “cool”. Think of multiple things you like or dislike. Combine more than one of these things together. For instance, think of a few of your favorite shows, and combine the names of lesser known characters.
Example of using the tips from above... let’s say you liked the shows “Seinfeld” and “Friends”. You can combine Newman from and Mr. Heckles and exchange some letters for numbers and characters. “MrH3kles!N3wm@n”. Note, the author of this document did not watch these shows, and does not use this password for any accounts.
6) Never share your password. Don't tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.
7) Use a password manager for keeping track of multiple passwords across multiple accounts. Make sure the password manager is also encrypted and protected. KeePass is a recommended free manager you can keep on your computer. It is available for Windows and Mac. www.passpack.com is a password manager that is hosted on-line. It has many advanced features and is available for free subscription for personal accounts.