Password security is a hot topic and we want to help you protect your information (especially when it comes to things like your online banking), so we have compiled 9 DOs and DON’Ts to help you keep your passwords secure.
1. DON’T share your passwords with anyone.
- A company should not be requesting your passwords. If someone calls claiming to be a company you do business with and says they need your password, it is a scam. For example, the bank will never call you and ask you for your online banking password. Rule of thumb: DO NOT give a password to anyone who calls you.
2. DO use a longer password.
- The longer the password the better. Best practice would ideally be to make your password the maximum length allowable. This is because a longer password takes significantly longer than a short password for a hacker or AI system to crack. According to Hive Systems, no matter how complex your password is, if it is 8 characters or less, it could be cracked in less than an hour. However, if your password is 18 characters long, in all lowercase letters, it would take 2 million years! That’s quite the jump. See why it is recommended to make it longer? Bonus points if it’s 18 characters long and has upper and lower case letters, special characters AND numbers, because that would take 438 TRILLION years to crack.
3. DON’T use the same password for multiple websites.
- Although this makes remembering passwords more difficult, it will make your life much easier if you have a password compromised in a breach, because then you won’t have to change your password on multiple sites, just the site that has been compromised. See #9 for an idea to help you keep track of passwords.
4. DON’T use the same passwords for work and personal.
- This puts you at risk because if your work password is compromised then you have to change all of your personal passwords, or vice versa.
5. DO use sentences as passwords.
- Choose a long sentence you won’t forget and use it as your password. (Example: “I love winter” could be IL0v3w!nt3r. P.S. This password would take 34 years to crack according to Hive Systems.)
6. DON’T use dictionary words.
- If you are using a dictionary word in your sentence, add a special character or number (i.e., instead of Password, use P@ssw0rd, though using a variation of password isn’t suggested).
7. DO use multifactor authentication.
- If a website or app allows you to utilize MFA, use it! This keeps your accounts even more secure.
8. DON’T save your passwords in your browser.
- According to LastPass, “Very few people ever log out of their browser profile after finishing a browser session. Unfortunately, that means passwords are decrypted and available for anyone with direct access to the device or via malware that can log in with the user’s profile.” A much more secure option is explained in #9.
9. DO use a password keeper.
- Third-party password managers, like 1Password, LastPass, Bitwarden, Keeper, and NordPass, are a great option for storing your passwords. They also help with security, because they let you know if one of your passwords has been compromised, as well as letting you know if you have set a strong password. They can also help by generating a strong password for you.
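
The arithmetic behind tip #2, as an added example that is not part of the original article: it counts how many candidates an exhaustive search has to cover for a given length and character mix, and finds how long an all-lowercase password must be to match a short "complex" one. The guess rate is an assumed, illustrative figure, so the absolute times will not match the Hive Systems numbers quoted above; the comparison between lengths is the point.

```python
import string

# Character-class sizes for printable ASCII (space excluded).
CLASSES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}
ALL = ("lower", "upper", "digit", "symbol")

# ASSUMPTION: illustrative attacker speed, not a figure from the article.
GUESSES_PER_SECOND = 10**11
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(classes):
    """Number of distinct characters available across the chosen classes."""
    return sum(CLASSES[c] for c in classes)


def search_space(length, classes):
    """Candidates an exhaustive search must cover for exactly this length."""
    return alphabet_size(classes) ** length


def worst_case_years(length, classes, rate=GUESSES_PER_SECOND):
    """Years to try every candidate at `rate` guesses per second."""
    return search_space(length, classes) / rate / SECONDS_PER_YEAR


def min_length_to_match(target_space, classes):
    """Shortest length over `classes` whose search space is >= target_space."""
    base, space, n = alphabet_size(classes), 1, 0
    while space < target_space:
        space *= base
        n += 1
    return n


if __name__ == "__main__":
    for length, classes in [(8, ALL), (12, ("lower",)), (18, ("lower",)), (18, ALL)]:
        print(f"{length:>2} chars, {'+'.join(classes):<24} "
              f"{worst_case_years(length, classes):.3g} years worst case")
    print("lowercase length that matches 8 mixed characters:",
          min_length_to_match(search_space(8, ALL), ("lower",)))
```

These figures are an upper bound for randomly chosen characters. Dictionary words and predictable substitutions (tip #6) are guessed far sooner than exhaustive search suggests.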