Although it should be a matter of common sense, people tend to overlook best practices for the sake of convenience.

1. Create unique password every time. When you are changing a password for an existing account, it should never be the same as the previous password. Also, do not use incremental passwords when changing it. i.e password1, password2, password13, password14, etc. If ever an old password is leaked to the internet and your account would be compromised in a minimal number of tries. A new password should be distinctly unique, and strong (random, Mixed Case Letters, also containing numbers and symbols).

 


2. Change your passwords once every 6 – 12 months. Since passwords have a fixed length (commonly 8 -16 characters), a brute-force attack to guess the password will always succeed if enough time and processing power is available to the attacker. So, it is only a matter of time before your password is compromised, no matter how secure it may be. It is therefore always recommended to change the passwords frequently. Schedule an recurring appointment on your calendar to change your passwords once every 6 – 12 months.

 


3. Never keep the same password for different sites. It is very tempting to create one set of passwords for all your email accounts, another password for all the banking sites, another password for all the social networking sites, etc. It is very important to keep unique passwords for each and every one of your accounts. If you have trouble remembering more than one password (and who doesn’t) then by all means use a Password Manager to keep track of them for you.

 


4. Never send your password in an email.  It is a common Phishing scam for hackers to send emails as a support technician asking for your username and password through email. Legitimate website or organization will never ask you for your username and password. Likewise, email accounts can be forwarded or compromised, resulting in your password sent to a trusted person being compromised as well.

 


5. Change passwords immediately when they are compromised. If ever you have the slightest suspicion that your password has been compromised, change it immediately! Don’t waste a single minute thinking about it.

 


6. Don’t use the “Remember password” option on the browser without setting a Master Password first. It is a temptingly useful feature of modern web-browsers to offer to store your username and passwords. You certainly can take advantage of this feature but only if you have enabled the “Master Password” option. For example: If you do not set master password on the Firefox browser, anybody who uses your Firefox browser (or any malware or virus that affect your computer) can see (and use) all the passwords that you have previously stored. Also, be very careful with this option when using a computer that doesn’t belong to you and always choose “Not Now” in the remember password pop-up.

 


7. Don’t type your password on a computer that does not belong to you. If possible, don’t use someone else computer that you don’t trust implicitly to login to any website, especially to very sensitive websites such as financial institutions. It is a very common practice for hackers to use keyloggers that will log all the key strokes on a system, which will capture everything you type including the passwords. Even if you do trust the person, resist the urge to enter passwords to sensitive accounts as their device may be infected with malware or viruses that have installed a keylogger.This same rule applies when using a device connected to Wi-Fi that doesn’t belong to you. It is a trivial matter for a malicious person to monitor internet activity over Wi-Fi and capture your usernames and passwords. If you have to login to an account over Public Wi-Fi be sure that your connection is encrypted before doing so.

 


8. Never write down your passwords. Creating a very strong password and writing it down on a paper is almost as bad as creating an easy to remember weak password and not writing it down anywhere.  It is an all too common practice for people to write down their passwords and keep it somewhere next to the computer. You should never write down the password on a paper. Papers can be lost, they can be read by others (including visitors, on-site technicians, and even by hackers if you have a webcam). If you want to carry your password around with you all the times, consider using a password manager that runs from USB stick.

 


9. Don’t share with anyone. Although we are taught as children that sharing is good, sharing your passwords is bad. Passwords are like underwear, you really shouldn’t share them with anybody, under any circumstances. And by “anybody” this includes family members, spouses, and children. It’s not a matter of trust (or lack thereof) as much as it is a matter of safety and security.

 


10. Don’t type your password when someone is looking over your shoulder. This is especially very important if you type slowly and search for the letters in the keyboard and type with one finger, as it is very easy for someone looking over your shoulder to figure out the password. If you wouldn’t let someone look over your shoulder when entering your Credit Card PIN number into an ATM, why would you want someone looking over your shoulder when entering your password?

Posted in: Passwords