Important Password Security Guidelines

January 29, 2016

We have a lot of passwords these days, used for everything from online magazine subscriptions to checking our healthcare information. We trust many others with sensitive information, and often the only thing between us and that information is a password.

Protecting that information is critical. The following guidelines cover choosing passwords and protecting both them and the information they guard:

  • Don’t use words commonly found in any dictionary for your passwords. This includes dictionaries of foreign languages and slang terms and phrases. If you are thinking of substituting an “O” with a zero, don’t bother. The bad guys know about that trick. They also know about spelling words backwards or with common misspellings.
  • Never include personal details in passwords, such as your name, your child’s name, birthdates, your address, or even your pets’ names. Those are not all that difficult to find out, so don’t make it easy for someone with ill intentions.
  • When your password recovery options ask you to choose security questions, pick ones that are not obvious and whose answers few people know; better yet, make the answers up. Just don’t forget your answers if you choose this strategy.
  • Several studies have found that using the default passwords that come with devices, or simple ones such as “12345” or “qwerty,” is still very common. In fact, SplashData found that in 2014, out of 3.3 million passwords checked, 20,000 of them were “12345.” The number 2 password is “password.” Be more creative than this.
  • Password reuse, meaning using the same password for multiple accounts, is common but a bad idea. Yes, using so many different ones may seem daunting, but it’s important. It’s particularly critical to make sure your social media, healthcare, and financial account passwords are completely different from one another and from everything else.
  • When using public computers, for example in a hotel business center or internet café when traveling, make sure that the box to remember your password is NOT checked. If it is, someone who uses the computer after you may get access to your account.
  • If you are sitting in a coffee shop enjoying a cup of joe and decide to check out the Internet using their free wireless, avoid logging into any accounts that have sensitive data, including your work accounts. Hackers are often found in these places using programs to intercept passwords. If you need to check something and it can’t wait until you get to a secured location, use the data network on your smartphone rather than the wireless. If you’re logging into your office, use a VPN.
  • It may seem obvious, but it happens a lot: don’t tell anyone else your passwords. This includes anyone from your IT department.
  • Make it a routine to change the passwords for your online accounts regularly. It is recommended to do this at least once every three months.
  • Don’t write passwords down and leave them out for others to see. If you must keep track of them, that is understandable; just keep the notes separate from the computer and out of view. It’s better to create a clue sheet that helps trigger your memory of the passwords than to write them out.
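
As an added illustration (not part of the original article), the guidelines on dictionary words, personal details and common passwords can be turned into a check that a sign-up form might run. The word lists and substitution table are small constructed samples, and `variants` and `check_password` are hypothetical names.

```python
import string

# Constructed sample lists; a real check would load a full dictionary and a
# list of known common/default passwords.
COMMON_PASSWORDS = {"12345", "qwerty", "password"}  # examples named in the article
DICTIONARY = {"dragon", "monkey", "sunshine", "welcome"}  # constructed sample

# Assumed table of common character substitutions (zero for "o", and so on).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
PADDING = string.digits + string.punctuation


def variants(password):
    """Return the lowercase password with substitutions undone and/or reversed."""
    low = password.lower()
    plain = low.translate(LEET)
    return {low, plain, low[::-1], plain[::-1]}


def check_password(password, personal_details=()):
    """Return the list of guidelines the password breaks (empty if none)."""
    forms = variants(password)
    # Also compare with leading/trailing digits and symbols removed ("dragon1").
    cores = forms | {f.strip(PADDING) for f in forms}
    problems = []
    if cores & COMMON_PASSWORDS:
        problems.append("common or default password")
    if cores & DICTIONARY:
        problems.append("dictionary word, possibly disguised")
    details = [d.lower() for d in personal_details if len(d) >= 3]
    if any(d in f for d in details for f in forms):
        problems.append("contains a personal detail")
    return problems
```

An empty result only means none of these particular checks fired; it does not address reuse across accounts, which the check cannot see.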

It’s OK to have online accounts. They are convenient and help us stay on top of information and help us do our jobs. Just keep basic security guidance in mind when using them.

© Copyright 2016 Stickley on Security