
Best Practices for Passwords

John Kogan

2 min read


Passwords are annoying. These days we need a password for every aspect of our lives, and an effective password can be difficult to create. Once we’ve come up with a password, we can be reluctant to update it for months, even years.

Security practitioners have long argued that a long password beats a short, complex one: every extra character multiplies the work of a guessing attack, while a short string of symbols is exhausted quickly. Have you ever considered using a passphrase instead of a password? If you haven’t, now may be the time to consider it.

What is a passphrase?


A passphrase is a sequence of words or other text used to control access to a computer system, program, or data. It is used the same way as a password but is longer, and that extra length is what gives it added strength against guessing.

Creating a Passphrase


When creating a passphrase, you simply choose a phrase or sentence instead of a word or set of characters. Some password systems reject the space character, so you’ll typically run the words together and capitalize the first letter of each instead. The key to a strong passphrase for a given website is to use something that’s meaningful to you but that wouldn’t be easily guessed: avoid song lyrics, famous quotes and titles, because cracking wordlists include those too.

Overcoming a Character Limit


Occasionally, you’ll find a site whose password length limit makes using a passphrase tough. In that case you might consider boiling the passphrase down to just the first letter of each word, retaining any digits or special characters. Bear in mind that the short form gives up most of the strength of the full phrase, so use it only where the limit forces you to.
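The two steps above (run the words together with capitalized initials, and fall back to the first-letter form when a site’s limit is too tight) as an added example; this is not code from the original post. The sample phrase is the one quoted later on this page, while the site limits and the rough strength estimate are assumptions made for the demo.

```python
# Added example, not code from the original post: turning a sentence into a
# passphrase, and shortening it for a site whose length limit won't take the
# full phrase. The sample phrase is the one quoted on this page; the site
# limits and the strength estimate are assumptions made for this demo.
import math
import string

PHRASE = "I love my jOb $O much!"   # sample phrase from this page


def to_passphrase(phrase: str) -> str:
    """Drop spaces and capitalize the first letter of each word.

    Digits and punctuation stay where they are, so the result keeps all of
    the phrase's length except the spaces.
    """
    return "".join(w[0].upper() + w[1:] for w in phrase.split())


def abbreviate(phrase: str) -> str:
    """Keep only the first letter of each word, plus every digit or symbol.

    This is the fallback for a site with a tight length limit; it keeps the
    phrase memorable but throws away most of its length.
    """
    out = []
    for word in phrase.split():
        seen_letter = False
        for ch in word:
            if ch.isalpha():
                if not seen_letter:
                    out.append(ch)
                    seen_letter = True
            else:
                out.append(ch)          # digits and special characters survive
    return "".join(out)


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force search has to cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def brute_force_bits(pw: str) -> float:
    """Upper-bound strength estimate: log2(charset ** length).

    Assumption for the demo: this ignores dictionary structure, so a famous
    quote scores the same as random text. It is only used to show how much
    the abbreviated form gives up relative to the full phrase.
    """
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def pick_for_site(phrase: str, max_len: int):
    """Return (form, value) for the strongest variant that fits max_len,
    or None if even the abbreviation is too long."""
    full = to_passphrase(phrase)
    if len(full) <= max_len:
        return ("full", full)
    short = abbreviate(phrase)
    if len(short) <= max_len:
        return ("abbreviated", short)
    return None


if __name__ == "__main__":
    for limit in (64, 12, 6):      # assumed site limits
        choice = pick_for_site(PHRASE, limit)
        if choice is None:
            print(f"limit {limit}: nothing fits, pick a different phrase")
        else:
            form, pw = choice
            print(f"limit {limit}: {form:11} {pw!r} ~{brute_force_bits(pw):.0f} bits")
```

Running it shows the full form at 17 characters and the abbreviation at 8; with the same character classes in both, the estimate for the short form is less than half that of the full phrase, which is the cost of the first-letter trick.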

Recommended Best Practices


Okay, now that you have considered using a passphrase for your password, let’s review some best practices you should follow regarding passwords.

  • Don’t write down your passwords. You would be surprised to find out how many networks have been compromised this way. If you must write your passwords down, either because they are difficult to remember or change frequently, keep the list in a very secure place; a password manager is a far safer place for that list than a notebook or a sticky note.
  • Don’t use a single plain word for a password. If it’s in the dictionary, it’s not a password. Hackers use software that automatically tries every word in a dictionary file, and then every common variation of it, so “horse” and “horse1!” fall just as fast.
  • Don’t use personal information as passwords. Hackers can easily guess the names of friends, kids, pets, and other personal information. That includes birth dates and phone numbers, too.
  • Consider using computer-generated passwords that consist of random strings of letters, numbers and symbols. These are harder to remember, but they are more secure, and a password manager will both generate and remember them for you. Randomly mix upper and lowercase letters within your passwords.
  • Consider using a passphrase as discussed above. Use special characters to make it even more complex (e.g., I love my jOb $O much!).
  • Don’t reuse a password; select a new one for each account. If you use the same password across several accounts, a breach of one site exposes all of them, because attackers replay leaked credentials against other services.
  • Never tell someone your password over the phone. Companies should never contact their customers and ask for passwords over the phone. Hackers have been known to pose as tech support personnel to obtain passwords from unwitting customers.
  • Change a password immediately if you suspect it has been exposed, and periodically otherwise, every few months or so. When you do change it, pick a genuinely new one rather than a small variation of the old one, since attackers try those variations first.
  • Make passwords sufficiently long so that they will be difficult to crack (try a passphrase). Eight characters is the floor, ten is the least you should settle for, and a passphrase of fifteen or more is a far better rule of thumb.
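A checker that applies the rules in the list above (length, no dictionary word, no personal details, no reuse across accounts) to a candidate password, as an added example that is not code from the original post. The word list, the personal profile and the stored account passwords are all constructed for the demo; a real check would load a full dictionary file and draw the personal tokens from the user’s own data.

```python
# Added example, not code from the original post: a checker that applies the
# rules above (length, no dictionary word, no personal details, no reuse) to a
# candidate password. The word list, the personal profile and the stored
# account passwords are constructed for the demo.
import hashlib
import string

MIN_LEN = 8       # the floor given on this page

# Constructed stand-in for a cracker's dictionary file.
DICTIONARY = {"horse", "password", "dragon", "sunshine", "welcome", "monkey"}

# Constructed personal details of the kind an attacker can find online.
PROFILE = {"names": ["Emma", "Fluffy"], "birth_year": "1987", "phone": "555-0123"}


def personal_tokens(profile: dict) -> set:
    """Strings from the profile that should never appear inside a password."""
    tokens = {name.lower() for name in profile["names"]}
    tokens.add(profile["birth_year"])
    digits = "".join(c for c in profile["phone"] if c.isdigit())
    tokens.add(digits)
    tokens.add(digits[-4:])
    return {t for t in tokens if len(t) >= 3}   # skip tiny tokens that match everything


def fingerprint(pw: str) -> str:
    """Hash used to compare passwords across accounts without storing them.

    A real store would use a salted, slow password hash; plain SHA-256 is
    enough to show the reuse check here.
    """
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


# Constructed vault: account -> fingerprint of the password already in use.
VAULT = {"mail": fingerprint("ILoveMyJOb$OMuch!")}


def check_password(pw: str, account: str, vault: dict, profile: dict = PROFILE) -> list:
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems = []

    if len(pw) < MIN_LEN:
        problems.append(f"too short ({len(pw)} < {MIN_LEN})")

    # Crackers try "horse1!" right after "horse", so strip trailing
    # digits/symbols before the dictionary lookup.
    core = pw.lower().rstrip(string.digits + string.punctuation)
    if core in DICTIONARY:
        problems.append("single dictionary word")

    lowered = pw.lower()
    for token in sorted(personal_tokens(profile)):
        if token in lowered:
            problems.append(f"contains personal info: {token}")

    fp = fingerprint(pw)
    for other, other_fp in vault.items():
        if other != account and other_fp == fp:
            problems.append(f"reused from {other}")

    return problems


if __name__ == "__main__":
    for candidate in ("horse", "Fluffy1987", "ILoveMyJOb$OMuch!", "Correct-Horse7Battery!"):
        print(f"{candidate!r}: {check_password(candidate, 'bank', VAULT) or 'ok'}")
```

The reuse check compares fingerprints rather than the passwords themselves, so the checker never needs the plaintext of the other accounts’ passwords; the page’s own passphrase is flagged only when it is proposed for a second account.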