Passwords really can be the bane of our modern day existence. While we all know what we ‘should’ and ‘shouldn’t’ do when it comes to passwords, most of us don’t put the rules into practice… In fact, there are still a lot of people using ‘password’ as their password…
Now, if you’re blissfully unaware of what you should and shouldn’t be doing when it comes to passwords these are the ‘rules’ that IT people like me like to layout:
| DO NOT | DO |
| • Use the same password on multiple accounts. • Use things that are easy for others to guess – names, dates etc. • Use real words or common phrases. • Write your passwords down on paper. • Share your password/s with others. • Use an unprotected spreadsheet to manage passwords. | • Use a different password for every account you have. • Change your passwords regularly (monthly or quarterly). • Use a mix of upper and lower case letters, numbers and special characters. • Make your passwords long. • Use password manager software to manage your passwords. |
We all know why these rules exist and have heard the horror stories of identity fraud, hackings and ransoms – yet most of tend to throw caution to the wind and take our chances when it comes to password management. Why? Because let’s face it, while the ‘rules’ are simple enough they are a pain in the **** to put into practice.
So, rather than write a piece simply reiterating the ‘rules’ knowing full well that most people won’t follow them, I thought I would instead put together a ‘bare minimum’ set of password rules.
1.Worry about the accounts that matter – your email, banking, facebook and sensitive information accounts
If a hacker gets into these accounts there is the potential for all sorts of horrible things to transpire. That means they need to be protected. The rules for these accounts are:
- No names, dates, places, real words or easy to guess passwords.
- Using a different password for each of these accounts.
- Changing these passwords monthly.
While the risks associated with your online banking accounts are obvious, your email account is just as dangerous – if someone can get in to your email, they’ll probably be able to reset the password on every other account you have. And, these days we often use our Facebook login to login in to other online accounts – making it a prime target for online criminals.
2. If you get an alert telling you a password has been compromised – do something about it!
Data breaches happen day-in-day-out. Chances are at some stage you will have received an alert or email advising you that one of your accounts has been impacted. When you do, you need to something about it then and there and update your password – even if it is an old account you haven’t used in donkey’s years. But, make sure that you go direct to the site, rather than click a link in the email or alert, as there’s always a chance it could be a scam – but it is better to be safe than sorry.
3. Use a password manager to keep track of your passwords
The problem with ‘strong’ passwords is that they are hard to remember. There are some great tools out there, including Lastpass and Keepass which make it easy for you to securely store and access your passwords whenever you need.
If you’re on a Mac you can also store passwords in your keychain – just make sure all your devices are password protected!
