Monday, September 19, 2016

World Password Day — Password Best Practices…

This blog originally appeared on my Medium site on May 5, 2016.

To “celebrate” World Password Day, I thought I would take a moment and share some information about password best practices. But first, a quick story:

During a recent security audit by a company, it was found that an employee was using the following password:


When asked why she had such a long password, she rolled her eyes and said:

“Duh! The password policy says it has to be at least 8 characters long and include at least one capital.”

Yes, this is a nerdy security joke (or is it really a joke?), but we all struggle with the multitude of passwords that we have to remember on a daily basis. Despite that, it is still important to create passwords that are complex (strong) enough to thwart would-be hackers. Here are some guidelines to consider when creating passwords:

● Passwords should be a minimum of eight (8) characters in length and use a mix of upper case, lower case, numerical characters and special (punctuation) characters. The industry best practice is to use at least three of these types of characters.

● Passwords should be changed on a regular basis. For very sensitive accounts or very exposed accounts, you should consider changing the password every 90 days (this is the best practice). Some accounts can probably stand to be changed a little less often, but it is often better to change all your passwords at the same time (or at least I find it is easier to keep them straight that way).

● Make an effort NOT to reuse your previous passwords. Reusing passwords makes it just that much easier for the bad guys to guess it. Also, try to make it a completely new password. How many of you have changed your passwords from “Password123” to “Password234”? You know you are out there… ;-)

● Consider what information is available about you on the Internet (think social media pages here). Creating a password that is your child’s name and their birthday is probably not the best. Pet’s names, family names, and special dates (birthdays, anniversaries, etc.) are all pretty high on the list of things that I would try if I needed to “guess” your passwords.

● Patterns are not so great either. How many of you have the password “qwertyuiop[“? Can you guess where that came from? You would be amazed how many people use it. Along those lines, how many of you have an iPhone password that is “12345”? You know who you are, and I know several of you that use this as their password.
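As an added example (not code from the original post), here is a small Python policy checker that enforces the guidelines above: the eight-character minimum, at least three of the four character classes, reuse of a previous password or a trailing-digit bump like “Password123” to “Password234”, and keyboard walks or numeric sequences like “qwertyuiop[” and “12345”. The keyboard rows and all sample passwords are constructed for this example.

```python
import re
import string

MIN_LENGTH = 8    # from the post: at least eight characters
MIN_CLASSES = 3   # from the post: at least three of the four character classes

# Constructed list of keyboard rows used to spot "walks" such as qwertyuiop[
# or plain numeric sequences such as 12345.
KEYBOARD_ROWS = ["qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./", "1234567890"]


def character_classes(pw):
    """Return the set of character classes (upper/lower/digit/special) present."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def is_keyboard_walk(pw, min_run=5):
    """True if the password contains min_run or more adjacent keys in row order."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            if row[i:i + min_run] in low:
                return True
    return False


def is_trivial_increment(new, old):
    """True when only the trailing digits differ, e.g. Password123 -> Password234."""
    stem = lambda s: re.sub(r"\d+$", "", s)
    return new != old and stem(new) != "" and stem(new) == stem(old)


def check_password(pw, previous=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(character_classes(pw)) < MIN_CLASSES:
        problems.append("fewer than %d character classes" % MIN_CLASSES)
    if is_keyboard_walk(pw):
        problems.append("keyboard pattern or numeric sequence")
    for old in previous:
        if pw == old:
            problems.append("reuses a previous password")
        elif is_trivial_increment(pw, old):
            problems.append("only the trailing digits changed from a previous password")
    return problems
```

Calling `check_password("Password234", ["Password123"])` reports only the trailing-digit change, while `check_password("12345")` fails on length, character classes and sequence at once.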

Passwords are generally a pain, and as we continue to expand our lives on the Internet, they will become more and more necessary for everyday tasks. As complicated as they seem to be, following some simple steps can make them more manageable, while keeping your personal information and privacy secure.
