Tips for Password Security
- Passwords should contain a mixture of letters (both lower and upper case), numbers and symbols. Long passwords are also preferred, with a minimum of 10-12 characters being a general guideline but longer passwords being recommended, especially where more security is desired.
- It can help to think of a password as a passphrase instead when creating longer passwords. By using a short sentence or phrase as the basis for a password, you can create a longer password that is still easy to remember. Whether it is stringing multiple words together in some fashion or choosing the first letter from each word in a sentence, each extra character added to a password makes it exponentially harder to crack when trying to use a brute-force attack.
- Passwords should avoid contain common words, phrases or sequences (such as “abc”,”123″,”qwerty”) or other easily guessed information such as birthdays, family members, phone numbers, etc. Attackers build up databases of such words and phrases to use in dictionary based attacks. In addition to normal words and phrases, attackers will also include in their database previously compromised account passwords from information leaked in other hacks. Common passwords will be one of the first things an attacker will try when attempting to gain access to an account.
- Avoid re-using passwords across multiple websites or platforms. Absolutely never re-use a password from an email account or an account with access to sensitive information. Once an attacker has access to your email account, they can reset other account passwords linked to that email address, as well as potentially steal your identity.
- Consider using a password manager such as LastPass, KeepassXC/Keepass or PasswordSafe to keep track of passwords for multiple accounts. Don’t forget to backup the file either! Never store the passwords on your computer unencrypted.
- Be careful about what passwords you let your web browser store. Avoid saving any information related to banking websites such as PayPal. These could be compromised if you share your computer/device, or by a malicious software infection.
- Always check for the secure padlock when logging in or signing up to a website. This indicates the connection is encrypted. Without this padlock your password might be intercepted along the way to the destination server.