Creating Strong Passwords
With our ever-growing lists of passwords and the increasing threat environment, many people are unknowingly putting their valuable information at risk. Below are a few easy steps to significantly improve your information security.
Guidelines for Creating Strong Passwords
- Create complex passwords that use a combination of letters, numbers, symbols, and both upper- and lower-case characters.
- Current industry standards recommend a 20+ character password, though fewer characters may be suitable depending upon the sensitivity of your company’s information.
- Do NOT use simple nouns in your password.
- For example: “banking,” “technology,” “fiscal,” “password,” “user”
- Avoid using easily obtainable personal information in your password.
- For example: date of birth, phone number, names of family members.
- Do not use thematic passwords that could be easily guessed by others based on your social media behavior, occupation, or affiliations.
- For example: “bitcoinminer,” “TarHeelfan,” “JustinBieberforever”
- Consider using a passphrase—a long string of associated words with a specific meaning, along with random numbers, symbols, and capitalizations.
- For example: ”CriminalsenjOysteAlinginforMationfromSofttargets66295!$”
- Longer passwords decrease the likelihood that your password can be defeated by so-called brute force tools, which are able to guess millions of potential password combinations per second.
- Avoid using the same password for multiple sites or devices.
- Do not store passwords in plain view. For example: on a sticky note on your monitor
- Consider using a locally-stored password aggregator to hold your numerous, complicated passwords. Keepass, PasswordSafe, and RoboForm are free password aggregators which store and encrypt your password directory under one master password (which should conform to password best practices).
- Ensure differentiation between personal and business/corporate passwords
- Do not use the same password between personal and corporate devices
- Example: Do not use your Active Directory password for personal accounts