Do’s and Don’ts of Password Security

Do’s and Don’ts of Password Security

IT Security

Earlier this week, we discussed how making your password longer can make it more secure. It’s a great first step, but it doesn’t mitigate all the elements of risk when it comes to online security. Here are some other things you need to remember.

Do NOT write your passwords on Post-It Notes.
If you do write your passwords down on paper, destroy it once you have it memorized or store it under lock and key.

Do NOT send your passwords through e-mail, even if it’s secure.
If you need to communicate a password with someone, use a second type of access for security purposes. Send them the password in a text message, or read it to them over the phone from a secure location (i.e. not from a crowded room, train car or bus).

Do NOT store your passwords in an unprotected text document on your desktop.
A much more secure option is to use Microsoft Excel and the Protect Workbook feature to Encrypt with Password, which will give you AES-128 Encryption and is NSA approved up to SECRET level. The password you choose will be your master password, so use something completely new that you’ll never forget.

Do NOT use the same password for everything.
If you can, you should have different passwords for everything. Realistically, that’s not an option for most of us because it’s just too many passwords to remember. Create different passwords for each type of account. One password for online shopping websites. One password for social networking. You get the idea.

Do NOT use the same password forever.
In the average corporate environment, you’re forced to change your password every 90 days. We recommend doing it every month, but at least try to beat the average corporate requirement.

Do NOT assume your password is secure.
Use a site like How Secure Is My Password to check the security of your potential password. You want at least a couple hundred years of security, but you should shoot for trillions of years of more.