How many times today will you type in that same old password you’ve been using for the last 2 years? Be honest! As an IT Service Provider, we often find ourselves reminding clients that they should change their passwords. We get it, it’s such a pain to change our passwords all the time! We agree, however…
Regardless of how we feel about changing our passwords, IT Security best practice informs us that we need to have good passwords. Part of having good passwords means replacing our stale passwords with ones that are fresh (and not recycled). This practice is critical to keeping our accounts and business assets secure. Think about how much valuable data could be accessed if someone were to break into your corporate email, file sharing, or VPN!
Here Are a Few Tips for Creating Great Passwords:
- Choose a passphrase, not a password. This means you can take a short sentence or phrase and create a password out of it. Some examples could be: StealMyCat32#, IHad32SandwichesForLunch!, or #Fish#Sticks#Are#Awesome#34 – who’s going to guess any of those passwords?
- Use this little trick to insert spaces in your password. Since most password systems won’t allow you to put spaces in passwords you can use the underscore character “_” as a space. Example: Bob_Marley_Is_My_Fave67#
- Make your passphrase/password random. Your kids’ names, social security number, home address, model of your car, favorite restaurant, names of your pets, or favorite colors are all things that can be easily guessed with a little social engineering.
- Do NOT share your passwords. Don’t hand your password out to colleagues or friends. The point isn’t that you don’t trust them – the point is that you don’t know if they will write down the password on a yellow pad or sticky note and leave it hanging somewhere it can be stolen. This is a top reason accounts get hacked!
- Don’t use the same password for everything. Use distinct passwords for every login or service. This prevents a single compromise from affecting everything. The only exception to this rule is typically corporate single-sign-on solutions (but they usually have other authentication mechanisms for protection).
And finally, the gold nugget tip of How To Create Great Passwords is…Do Not Write Them Down. Like I said before, we get it. It’s such a pain to change our passwords all the time! And this last tip is why. We’re supposed to have a different password for every account or service we use AND we are supposed to change these passwords often AND we’re not supposed to recycle old passwords AND…who’s got the memory for all this? So yes, you do have to write down your passwords somewhere, but follow these additional tips when you do.
- Don’t write all your passwords on a sticky note and attach it to your monitor. Try a private notebook or the last page of your favorite book.
- Consider using your own code to create a pattern that others won’t easily decipher. As an example, abc123 becomes cde345 (where the offset for the coding is +2). This means that each character you write down is two letters or digits later than the actual password character.
Yes, it’s a pain to create new passwords and keep them difficult to guess, but it’s a necessity. It’s for the same reason you lock your doors. If you make it difficult to break into your car or house, most criminals will move on to an easier target. Think of password management the same way. #G00DLucK_&_h@VE_fun!!!