By Tina Gravel
Working for a security company, I’m frequently asked to offer best practices on password security. I am happy to share them with you, but you won’t be happy to learn how we have to manage our personal security processes these days. Here goes:
Use passwords you can remember but not something others would know.
For example, if you live on 25 School Street and your dog is named Skipper, do NOT use passwords with any variation of those numbers and words (e.g., <skipperschool25> <25schoolskipper>). Why not? Today’s cyber bad actors have access to inexpensive but “supercomputer-like” power to ascertain your password using simple algorithms and data that’s readily available online. It’s a 10-second search for a cybercriminal to find your address and, if you post regularly on social media, you likely will have posted a photo of your dog and his name. So avoid using words and numbers anyone could easily find out.
Here are some other bad ideas for passwords: birthdays of your near and dear, anniversaries, your favorite movie, song, etc., especially if you have listed any of these on social media or participated in an online quiz recently.
Stay away from the easy passwords like <12345>.
OK, be honest, how many of you have used that one? I won’t even say the word <password>, but some people still use it as a password! I used <password> myself in 1995.
Use a variety of letters, numbers and characters in your passwords.
Industry best practice is to use at least three variations of the following: uppercase letters, lowercase letters, numbers and special characters (e.g., % or #) in one password. Those who believe in intention will tell you to make a statement about your desires if you want them to come to fruition. I’m not sure about that, but <TomBradyinathong12%> or <me@110lb$> are certainly good password options.
Change those tricky passwords often.
I know what you are thinking, “What? It took me 90 days to remember the last one and now I have to change it again?” Seriously, change passwords to your most sacred accounts every 90 days or sooner! If it helps you to change them all at once then do so.
Vary your passwords.
Do not make all your passwords the same. They must differ considerably so they aren’t a simple variant of the previous one you used. Remember our bad password <25schoolskipper>? Switching it up slightly as in <skipperschool25> makes it so much easier for the bad guys to figure out.
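The rules so far (no easy passwords, nothing built from findable personal details, at least three character classes, no simple variants of an old password) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the 0.5 and 0.4 thresholds and the sample data are assumptions chosen for illustration.

```python
import re

EASY = {"12345", "password"}          # the easy passwords the article names
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

def class_count(pw):
    """How many of the four classes (upper, lower, digit, special) appear."""
    return sum(bool(re.search(c, pw)) for c in CLASSES)

def personal_share(pw, facts):
    """Fraction of pw made up of words or numbers taken from findable facts."""
    words = {w for f in facts for w in re.findall(r"[a-z]+|[0-9]+", f.lower())}
    core, covered = pw.lower(), 0
    for w in sorted((w for w in words if len(w) >= 2), key=len, reverse=True):
        covered += core.count(w) * len(w)
        core = core.replace(w, " ")   # blank it out so pieces are not counted twice
    return covered / len(pw) if pw else 0.0

def trigrams(s):
    """Set of all 3-character chunks of s, ignoring case."""
    s = s.lower()
    return {s[i:i + 3] for i in range(len(s) - 2)}

def is_variant(new, old, threshold=0.4):
    """Heuristic: reordered or lightly edited passwords share many 3-char chunks."""
    a, b = trigrams(new), trigrams(old)
    return bool(a and b) and len(a & b) / len(a | b) >= threshold

def audit(pw, facts=(), previous=()):
    """Return the rules this password breaks (an empty list means it passes)."""
    problems = []
    if pw.lower() in EASY:
        problems.append("easy password")
    if class_count(pw) < 3:
        problems.append("fewer than three character classes")
    if personal_share(pw, facts) >= 0.5:   # assumed cut-off
        problems.append("built from findable personal details")
    if any(is_variant(pw, old) for old in previous):
        problems.append("simple variant of a previous password")
    return problems

# Constructed sample data based on the article's own example.
FACTS = ["25 School Street", "Skipper"]
if __name__ == "__main__":
    for candidate in ["skipperschool25", "12345", "TomBradyinathong12%"]:
        print(candidate, "->", audit(candidate, FACTS, ["25schoolskipper"]) or "ok")
```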
Don’t trust your browser to remember your passwords.
Saving your passwords in your browser is like handing them over to the bad guys. They actually target those because they know you keep them there. (By the way, Cryptzone’s AppGate is a fantastic tool that will not allow the bad actors to look around for the company jewels if they obtain access to your password or even to your “God Users” credentials.)
Don’t leave your passwords on a sticky note on your desk.
Try a password keeper like Keeper or another key chain type product, such as Dashlane, Kaspersky or Thycotic. Or (don’t laugh) write them down, but keep them in a very secure place (i.e., not your digital desktop). You can use the one Ellen DeGeneres likes too. Check it out.
About the Editor
Khali Henderson is senior partner at BuzzTheory Strategies as well as a board member and chair of the Communications Work Group for Cloud Girls.