
What’s the Password? Best Practices for Keeping Passwords Safe

Date Posted - 2nd Sep 2013 |  Category - Common IT Headaches, Newsletter


Does the following notification make you break into a cold sweat: “Your password expires in three days, do you want to change it now?”



Or perhaps you don’t sweat it at all—you simply add another number to the password you have written down on a sticky note stuck to your desk?



In our technology-rich society, we now have literally dozens of passwords to keep up with. And some of those passwords must be changed every 90 days. 



With so many passwords to keep track of, it may seem easier to go with a simple password that is easy to remember and then use that password for everything.



But that is exactly what hackers are counting on!



Your password is your first line of defense to all of your online personal information. So be sure to make this defense as strong as possible.



Here are some best practices and our expert tips on how to accomplish that:




1) Don’t use sequences of numbers or letters (12345678, qwerty, abc123).



2) Don’t use any word that can be found in the dictionary as your full password.



3) Don’t use one-word or common-phrase passwords such as:

  • “password”
  • “welcome”
  • “iloveyou”



4) Don’t use personally identifiable information in your password such as your:


  • Name or user name
  • Birthday
  • Kid’s/spouse’s/pet’s names
  • Favorite sport or team name
  • Alma mater
  • Hobby keywords



5) In fact, don’t use any of the most common passwords (are any of yours on this list?) We are curious how “monkey” or “ashley” made it to the top 25 most used passwords.



6) Don’t use the same password for every account. This control limits the impact if one of your passwords is compromised.



7) Don’t give your password to anyone.



8) Don’t post personal information on social media sites that could help hackers guess your password or request a password reset for your accounts (date of birth, e-mail address, mother’s maiden name, place of birth, etc.).



9) Don’t forward e-mail chain letters or participate in social media “quizzes” designed to get to know you. These are usually a form of phishing in an attempt to glean personal information that can be used to hack into accounts.



10) Don’t store passwords or hints where they are easily accessible to others (that sticky note on the computer monitor, that note app on your cell phone, or that paper in your wallet or purse).



11) Don’t choose the settings that allow you to stay logged into an account, such as the check box “remember me?” or “keep me logged in,” especially on a shared device.



12) Do use the combination cocktail: upper-case letters, lower-case letters, numbers and symbols.


  • mysecretword = poor
  • MySecretWord = OK
  • MyS3cretWor6 = Good
  • My$3ecre+W*r6 = Best



13) Do use at least eight characters, although twelve or more is better. When it comes to passwords, size does matter.



14) Do change your most critical passwords on a regular basis, even if that application doesn’t require it.



15) When requesting a password reset, always open the e-mail, log into the account and immediately change the newly reset password. That way, even if your e-mail is hacked, any messages containing password content are already obsolete. Better yet, delete the e-mail and remember to empty the deleted-items folder too.



16) If you insist on using the same password for multiple or similar accounts, at least create separate passwords for each of these categories:


  • Online banking
  • Personal e-mail accounts
  • Social media and networking
  • Business (corporate e-mail, systems, VPN access, etc.)
  • E-commerce shopping sites
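
As an added example (not part of the original newsletter), here is a small Python policy checker that encodes rules 1 through 5, 12 and 13 above and grades the newsletter’s own sample passwords. The common-password and dictionary lists are constructed stand-ins, and the `personal_terms` argument is an assumption standing in for the names, birthdays and other details that rule 4 warns against.

```python
import string

# Constructed stand-in lists for the example; the newsletter mentions a
# "top 25" list but does not reproduce it beyond the entries named here.
COMMON_PASSWORDS = {
    "password", "welcome", "iloveyou", "12345678", "qwerty", "abc123",
    "monkey", "ashley", "letmein", "123456",
}
DICTIONARY_WORDS = {"secret", "word", "money", "green", "dream", "weaver"}

MIN_LENGTH = 8          # rule 13: at least eight characters
RECOMMENDED_LENGTH = 12  # rule 13: twelve or more is better

# rule 12: rating by number of character classes used
MIX_RATING = {0: "poor", 1: "poor", 2: "OK", 3: "Good", 4: "Best"}

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw, run=3):
    """Rule 1: flag runs of consecutive letters/digits (abc, 123, 321)
    or keyboard-row runs (qwe) of at least `run` characters."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not chunk.isalnum():
            continue
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs in ({1}, {-1}):
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def personal_info_hits(pw, personal_terms):
    """Rule 4: return the personal terms (name, pet, team, ...) found in the password."""
    s = pw.lower()
    return [t for t in personal_terms if len(t) >= 3 and t.lower() in s]


def character_classes(pw):
    """Rule 12: count the distinct classes used (upper, lower, digit, symbol)."""
    return sum((
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ))


def evaluate(pw, personal_terms=()):
    """Grade a candidate password against the newsletter's rules.

    Returns (rating, findings). Any hit on the "don't" rules (1-5) or the
    eight-character minimum forces the rating to "poor"; otherwise the rating
    is the character-class mix from rule 12 (poor / OK / Good / Best).
    """
    findings = []
    reject = False
    low = pw.lower()

    if low in COMMON_PASSWORDS:
        findings.append("on the common-password list (rules 3 and 5)")
        reject = True
    elif low in DICTIONARY_WORDS:
        findings.append("is a single dictionary word (rule 2)")
        reject = True
    if has_sequence(pw):
        findings.append("contains a sequence of letters or digits (rule 1)")
        reject = True
    hits = personal_info_hits(pw, personal_terms)
    if hits:
        findings.append("contains personal information: " + ", ".join(hits) + " (rule 4)")
        reject = True
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters (rule 13)")
        reject = True
    elif len(pw) < RECOMMENDED_LENGTH:
        findings.append(f"shorter than the recommended {RECOMMENDED_LENGTH} characters (rule 13)")

    classes = character_classes(pw)
    if classes < 2:
        findings.append("uses only one character class (rule 12)")

    rating = "poor" if reject else MIX_RATING[classes]
    return rating, findings


if __name__ == "__main__":
    # The newsletter's rule 12 ladder plus a few rule 1-5 failures.
    samples = ["mysecretword", "MySecretWord", "MyS3cretWor6", "My$3ecre+W*r6",
               "password", "abc123", "Katie2013!"]
    for pw in samples:
        rating, findings = evaluate(pw, personal_terms=["Katie", "Rich"])
        print(f"{pw:16} {rating:5} {'; '.join(findings)}")
```

When checking a new password server-side, pass the account holder’s own details (name, user name, family and pet names) as `personal_terms`; the rating labels follow the poor/OK/Good/Best scale shown in rule 12.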




So now you know how to create a strong password, but you’re probably wondering how the heck you are going to remember the dozens of passwords you need.



One idea is to do a play on your actual name (not your username), making sure you use a combination cocktail. For example, the following users may go with these passwords:


  • Katie Rich: “ontheMon3y$”
  • Amy Houston: “Weh^v3Aprobl3m”
  • Sharron Weaver: “Dre4mW3@ver”



If you want a password that is specific to a particular website, you could keep a particular password as your “core password” and have a portion of it that relates to the website.



For example, if you bank with Regions, one of their core branding colors is green. So maybe Katie Rich above could have her Regions password be “ontheMon3y$Green”.




Finally, getting back to the most dreaded of passwords… the ones that you are forced to change every 90 days.



You can include a serialized portion in your password: a part that you increment each time you are required to change it.



So with Katie Rich’s example above, maybe she could have her initial password be “ontheMon3y$GreenAA,” where the AA portion is the serialized portion. 90 days later, she would change it to “ontheMon3y$GreenAB” (notice she changed it from AA to AB).




Next week, we will discuss challenges with getting employees to adopt new technology (without their kicking and screaming the whole way).



Until then, stay safe and stay TuN3d!




Special thanks go out to Christine Burke Massengale for being our guest writer for this week’s newsletter. Christine is a Training and QA Specialist with Hamilton County 9-1-1 ECD in Chattanooga, TN. She will be an invaluable source of information for upcoming eAgent Weekly articles, especially ones dedicated toward the technology and training requirements for dispatch/911 centers.

We have created an Advanced Authentication solution that gives law enforcement agencies the flexibility to use four different authentication methods for their officers. Click here to learn more, or call us at 850-656-3338.

