Password Security

password lock

Passwords are the first line of defense against cyber criminals.

Create Strong Passwords/Pass Phrases 

The days of solely focusing on password complexity are over.  A good password is one that is easy for you to remember, but difficult to guess. The following tips will help you in creating a strong, memorable password:

  • Longer is stronger. The best passwords are at least 10 characters in length. Include some capitalization and punctuation.
  • Use a phrase. Pass phrases are easy to remember, but difficult to guess.  If the service will allow, use spaces as special characters for added strength. This also makes the phrase easier to type.
  • Misspell a word or two.  Make a note of what was misspelled until typing the pass phrase becomes a habit (usually within a few days).
  • Consider using a nursery rhyme, movie quote, or song lyrics, and then put a twist on it.

Protect Your Passwords

  • Never share your passwords with others.
  • Change your passwords periodically. If you have been compromised, change your passwords IMMEDIATELY.
  • Don't enable the "remember password" function on websites. 
  • Use a unique password for each of your important accounts. Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office: if a criminal gains access to one, all of them are compromised. It may be less convenient, but picking multiple passwords keeps you safer.

Use a Password Manager

Having to memorize numerous, long, complex passwords can be difficult. Password managers are a great tool that can generate and store passwords for you.

If you choose to use a password manager, you'll still have to remember at least one thing: your master password. Be sure to make it extra-secure and composed of at least 12 characters to ensure that it's not vulnerable to attack.

Enable Multi-Factor Authentication

Any time a service like Gmail, Facebook, or your bank offers "two-step" or "multi-factor authentication," use it. Passwords are no longer enough protection, especially for sensitive information. Multi-factor authentication (MFA) puts an extra layer of security on your accounts by requiring something you know (e.g., password) and something you have (e.g., cell phone receiving text message with additional code verifying your account).