How To Not Let Your ‘password’ Be Your Demise
Passwords are the bane of our existence in the technology world – we have thousands of them. Every server, every user account, every website has a password. Unfortunately, the authentication technologies we use on a daily basis haven’t evolved far enough to eliminate the need for passwords. As frustrating as they may be – they are effective when used properly.
We’d like to take a moment to offer a friendly reminder and some advice about your passwords. We want your servers and your accounts to be safe from hackers and nosy relatives – so take a look at our recommendations and be sure you are up-to-snuff with your password-handling practices.
The Anatomy of a Password
Passwords should never, ever, EVER be human-readable, simple words like ‘password’ or ‘iloveyou’ or ‘changeme’ – these are the fastest passwords to guess. That doesn’t mean they shouldn’t be easy for you to remember, it just means you need to get a little creative.
A good-quality password should meet these criteria:
- At least 8 characters long – no less, and more is always better
- Multiple occurrences of upper- and lower-case characters – LiKEtHiS!
- Several characters that are not 0-9 or A-Z, like these: !@#$%^&*()_+{}|":<>?
- Is easy to remember even though it’s complex
Bad Password: thisismypassword
Good Password: Th!$IsMeYEp@$Sw3rD
You can check the quality of your password here: http://howsecureismypassword.net/
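The criteria above can also be checked locally, without typing the password into a website. The following Python check is an added example, not part of the original post; the thresholds of 2 for "multiple" and "several", the substitution table, and the short word list (built from the three words the post names) are assumptions.

```python
import string

# Words the post names as the fastest to guess; a real deployment would load
# a much larger breached-password list (this short set is illustrative).
COMMON_WORDS = {"password", "iloveyou", "changeme"}

# Common character substitutions undone before the word check (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 8    # from the post
MIN_PER_CASE = 2  # assumption for "multiple occurrences"
MIN_SYMBOLS = 2   # assumption for "several characters"


def check_password(pw):
    """Return the list of criteria the password fails (empty list = passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    if sum(c.isupper() for c in pw) < MIN_PER_CASE:
        failures.append("uppercase")
    if sum(c.islower() for c in pw) < MIN_PER_CASE:
        failures.append("lowercase")
    if sum(c in string.punctuation for c in pw) < MIN_SYMBOLS:
        failures.append("symbols")
    # A simple word stays simple after swapping letters for look-alikes,
    # so undo those swaps before searching for the common words.
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        failures.append("common-word")
    return failures


if __name__ == "__main__":
    # The post's two examples plus one constructed look-alike of 'password'.
    for sample in ("thisismypassword", "Th!$IsMeYEp@$Sw3rD", "P@ssw0rd"):
        print(sample, "->", check_password(sample) or "ok")
```
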
Password Management
Rule #1 – don’t use the same password for more than one service/site. We know this is hard to do – but it’s worth it. Just google “password breaches” and you’ll see why.
Rule #2 – don’t write them down and stick them under your keyboard. If you *must* write them down, place them in a secure spot such as a locked file cabinet or a safe. Then be sure it’s actually locked.
To help you manage your passwords, you can use a password storage engine such as KeePass or TeamPass which will allow you to store your passwords securely and access them using a master password. When using these types of systems, it is critically important that you make your master password very complex, and that you change it frequently. While the systems are helpful, if someone gets your master password, they have access to EVERYTHING.
Rule #3 – change them often! Every 30-45 days is a reasonable amount of time. This is where a password-management system can really help you out – by having a list of all your passwords, you know what needs changing. Some of these systems also have a password expiration reminder – and will remind you every 30 days to change your password.
In Case of Emergency
If the worst-case scenario occurs where you suspect that one or more of your passwords have been compromised, do the following:
- Change *ALL* of your passwords. Really, all of them.
- Examine all of your critical systems and accounts for a breach. Be sure everything is safe and secure.
- If you suspect a system has been breached/compromised, notify the managing provider immediately as well as the authorities, if necessary.
Now Go and Get Secure
With these helpful tips you should be well on your way to securing your online presence. Now go change your passwords!