Top 5 Password Best Practices

Posted on: June 4, 2013 | By: Christina Bonds | Filed under: Info Security, Passwords

A username-password combination is the most common approach for gaining access to secure data or other resources. For many applications and systems, this combination is the only line of defense against unauthorized access. Creating strong passwords and keeping them safe helps to minimize the threat of them being guessed.

1. Never write down your password

Passwords that are written down, especially near your computer, can be easily stolen. You may feel the need to write them down until they are remembered, but this is not a safe practice. Consider what happens if someone logs in on your computer using your username and password because you had written that information down on a sticky note and placed it on your computer monitor. Anything that person does will look like you were the one logged in, and if something is done maliciously you will more than likely have a hard time proving it was not actually you.

2. Use unique passwords for work and personal accounts

If your password is stolen, you don’t want the person to have access to all of your accounts. Using a different password for each of your accounts makes the hacker’s efforts more difficult. If remembering all of your passwords seems like a daunting task, consider using a password manager to help manage your passwords. I recommend the free password manager tool KeePass. It is easy to use and is available for Windows and Mac users.

3. Change your passwords often

Passwords should be changed periodically to limit the amount of time they are useful if stolen. If your password was guessed or obtained in another way, what information would be exposed? If your personal information is exposed, you could be at risk for identity theft. If your banking information is made available, your money could be stolen. If your work-related information is made available to an unauthorized user, the University’s reputation could be at risk.

Consider changing passwords on a Monday morning and make yourself log in multiple times throughout the day and week to remember them better. The worst time to reset a password? Friday afternoon, because you won’t have enough time to repeatedly use the password to help you remember it.

4. Avoid using dictionary words

Dictionary words are common words or names found in an English or foreign-language dictionary. Hackers use software programs capable of running through an entire dictionary to perform a common attack, known as a dictionary attack, to guess your passwords.

When it’s time to create a new password or reset an old one, avoid using single words. Instead, use a combination of words, letters and symbols to make your passwords more secure.

5. Consider using passphrases

Wish there was a way to have passwords that are strong but still easy to remember? A passphrase is simply a different way of thinking about a much longer password. Your passphrase can be a favorite song lyric or a quote from a book, magazine, or movie. The idea is that it is a phrase and not just one word. Add some numbers and a couple of symbols to the phrase and you have a stronger, easier-to-remember password. It’s really that easy.

Consider the phrase “Mary Had a Little Lamb”. This could easily be turned into the passphrase M@ryHadAL!ttleLam6. This passphrase has an acceptable length, a number, upper- and lower-case letters, and a symbol. It is also easy to remember.
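As an added example (not code from the original post or from Elon’s policy), here is a small checker that applies rules 4 and 5: it undoes the character substitutions a dictionary attack tries automatically before comparing against a wordlist, and checks the length and character-mix criteria the passphrase above meets. The wordlist, the substitution table and the 12-character minimum are assumptions for illustration.

```python
import string

# Constructed miniature wordlist standing in for a real dictionary file;
# a production checker would load a large list, not these few words.
SAMPLE_DICTIONARY = {"password", "welcome", "monkey", "summer", "elon", "lamb", "mary"}

# Common substitutions that dictionary-attack tools try automatically,
# so on their own they add little strength to a single word.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "!": "i", "1": "i", "0": "o", "3": "e", "$": "s", "5": "s", "6": "b", "7": "t"}
)

MIN_LENGTH = 12  # assumed policy value; the post gives no specific number


def normalize(candidate: str) -> str:
    """Undo leet-style substitutions and case so 'P@ssw0rd' compares as 'password'."""
    return candidate.translate(SUBSTITUTIONS).lower()


def check_password(candidate: str, dictionary=SAMPLE_DICTIONARY) -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbol")
    # Rule 4: strip digits/symbols tacked onto the ends, undo substitutions,
    # and see whether what remains is just one dictionary word.
    core = normalize(candidate.strip(string.digits + string.punctuation))
    if core in dictionary:
        problems.append(f"based on the dictionary word '{core}'")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "welcome123!", "M@ryHadAL!ttleLam6"]:
        result = check_password(pw)
        print(pw, "->", "OK" if not result else "; ".join(result))
```

The first two candidates are rejected as dictionary words despite their substitutions and suffixes, while the passphrase from the post passes every check.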

Read Elon’s password policy for more password information.

Next Tuesday’s Topic: Securing your mobile devices

Christina Bonds

Christina Bonds, CISSP, is an Application Developer at Elon University
