Password Best Practices
Password Tips and Recommended Practices
Don’t use Personally Identifiable Information (PII) in your password, such as:
Addresses (Home or Office)
Try to use special characters, i.e. non-alphabetic characters such as digits and punctuation
Don’t use any word that can be found in the dictionary as your full password
Try to create passwords with at least eight characters
Don’t use the same password for online banking that you use for social networking, email or online gaming
Don’t give your password to someone over the phone
Try to use a password vault application to protect and help manage your many passwords. LastPass is a good option with support for multiple platforms
Try to change your most critical passwords on a regular basis
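The tips above are easy to turn into an automated check, for example on a sign-up or password-change form. The following Python is an added example, not code from the original page: it reports which of the rules a candidate password breaks (minimum length, no non-alphabetic characters, a single dictionary word, personal information, or a password that has already been made public). The dictionary, the PII list and the published-password list are constructed stand-ins; a real deployment would load a full word list and a breached-password feed.

```python
import re

# Constructed mini dictionary; a real check would load a full word list
# such as /usr/share/dict/words or a common-passwords list.
DICTIONARY = {"password", "princess", "toast", "finance", "captain", "opportunity", "welcome"}

# Passwords that have appeared in public (here: the ones printed on this page),
# so they must be refused outright.
PUBLISHED = {
    "Itmoadlo.",
    "1tm0adl0.",
    "tdr0cks!itm0adl0.",
    "tdr0cks!torvt11.",
    "princesstoastfinancecaptain",
}


def check_password(password, pii=(), min_length=8, dictionary=DICTIONARY, published=PUBLISHED):
    """Return the list of violated rules; an empty list means the password passes.

    pii is an iterable of strings the user should not reuse (addresses, names,
    birthdays); each is split into tokens of three or more letters/digits and
    any token found inside the password counts as a violation.
    """
    problems = []
    lowered = password.lower()

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.isalpha():  # no digit or punctuation anywhere in the string
        problems.append("contains no non-alphabetic characters")
    if lowered in dictionary:
        problems.append("is a single dictionary word")
    for item in pii:
        tokens = re.findall(r"[a-z0-9]{3,}", item.lower())
        if any(token in lowered for token in tokens):
            problems.append(f"contains personal information ({item!r})")
    if password in published:
        problems.append("has been published and must not be used")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs for a quick demonstration.
    user_pii = ["42 Elm Street"]
    for candidate in ["opportunity", "Elm Street 42", "Itmoadlo.", "Wren7-harbor!Map"]:
        result = check_password(candidate, pii=user_pii)
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

Because the function returns every violated rule rather than stopping at the first one, the caller can show the user the complete list of fixes needed in one round.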
Tips for managing passwords:
Reusing the same password in both public and private applications is a big risk. Yet creating a different password for every website and every application can be a headache. If this does not work for you, here is a tip to reduce the number of passwords while retaining some logical separation and risk reduction.
Group sites and applications into different categories such as:
Private – online banking
Personal – email accounts
Public – social networking
Business – corporate email, web, and VPN access
Create a password for each category. (This control limits the impact if one of the passwords is compromised.)
Choosing the password string:
Some of us are quite creative when thinking of passwords and others of us need some help. Here are some possible strategies for creating your passwords:
Think of a phrase, quote, or song verse and select the first character of each word to create a password.
“In the middle of a difficulty lies opportunity.” translates to “Itmoadlo.” Passwords are often case sensitive, and here we’ve used a capital “I”, just as at the start of the sentence.
Vowels can be replaced with numbers to add entropy; for example, “Itmoadlo.” becomes “1tm0adl0.”
Punctuation is a good way to add entropy to your passwords, as well as a little length; note the period at the end of the password above. It is important to realize that the above strategy results in a password that is better than average but can still be guessed in time with today’s powerful computers. The key is to establish your own unique password-creation pattern and ensure the password is of sufficient length. Password length is the most important factor in creating passwords.
Add length and in turn strength to your passwords!
Create a unique string that you can prefix or append to your passwords such as: prefix string + password = stronger password
tdr0cks! + itm0adl0. = tdr0cks!itm0adl0.
tdr0cks! + torvt11. = tdr0cks!torvt11.
The prefix string can be the same for all your passwords, making it easier to remember. However, the core password must be different for each website, application, or category. Also, the prefix string must not be a single character, as it is common practice to brute-force passwords by trying ! or 1 as the first or last character.
Use common but unrelated words
If the above strategies still look too cumbersome, you can simply think of 4 or 5 unrelated yet common words and concatenate them to create a password.
princess + toast + finance + captain = princesstoastfinancecaptain
The key to this common-word strategy is picking unrelated words and building a sufficiently long password. It’s the length that really increases the password strength. Lastly, it is recommended that these strategies be combined with a password vault application to securely store your passwords.
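To see why the text keeps coming back to length, it helps to put numbers on the three strategies (the phrase acronym, the prefix plus core, and the unrelated words). The Python below is an added example, not code from the original page. It estimates the work an attacker faces in bits under two models: a naive brute-force search over the character alphabet the password uses (length × log2(alphabet size)), and, for the word strategy, an attacker who knows the words come from a list of a given size (words × log2(list size)). The 7776-entry list size is an assumption chosen because it is a common size for published word lists; the small word list in the code is a constructed stand-in. It also shows how to pick the words with the operating system's CSPRNG rather than by hand.

```python
import math
import secrets
import string

# Constructed stand-in word list; a real generator would use a list of several thousand words.
SAMPLE_WORDS = ["anchor", "basket", "candle", "dragon", "ember", "falcon",
                "garden", "helmet", "island", "jungle", "kettle", "lantern"]

# Character classes a naive brute-force attacker would have to cover.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 ASCII punctuation characters
]


def charset_size(password: str) -> int:
    """Size of the smallest obvious alphabet containing every character of the password.

    Each class contributes its full size as soon as one member appears; any
    character outside the four classes (space, non-ASCII) counts as one extra symbol.
    """
    size = sum(weight for members, weight in CLASSES if any(ch in members for ch in password))
    others = {ch for ch in password if not any(ch in members for members, _ in CLASSES)}
    return size + len(others)


def brute_force_bits(password: str) -> float:
    """Bits of work for an attacker who tries every string over the alphabet: length * log2(alphabet)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def word_list_bits(num_words: int, list_size: int) -> float:
    """Bits of work for an attacker who knows the password is num_words words from a list_size-word list."""
    return num_words * math.log2(list_size)


def generate_word_password(num_words: int, wordlist, sep: str = "") -> str:
    """Pick num_words words uniformly at random (with replacement) using the CSPRNG in `secrets`."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    # The page's own illustrative passwords (published, so never to be used for real).
    for pw in ["Itmoadlo.", "tdr0cks!itm0adl0.", "princesstoastfinancecaptain"]:
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"naive brute force ~{brute_force_bits(pw):.1f} bits")
    # Against an attacker who guesses whole words, four words from a 7776-word list
    # give far fewer bits than the naive character count suggests.
    print(f"4 words from 7776: ~{word_list_bits(4, 7776):.1f} bits; "
          f"5 words: ~{word_list_bits(5, 7776):.1f} bits")
    print("generated:", generate_word_password(4, SAMPLE_WORDS))
```

Two things stand out from the output. Doubling the length with a prefix roughly doubles the brute-force bits, which matches the advice that length matters most. But the 27-character word concatenation is only worth about 52 bits against an attacker who guesses words rather than characters, so the strength of the word strategy comes from the number of words and the size of the list they are drawn from, not from the character count alone; each extra word from a 7776-word list adds about 12.9 bits.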
*All passwords documented here are provided for illustrative purposes; as they are now public, their use is contraindicated.