Password Best Practices

Often the disclosure of a password is no fault of our own but rather the result of a weak password, virus, website or application compromise. By following these tips you can develop a password management strategy that will dramatically decrease your overall risk if any one of your passwords is compromised. Hopefully the next time you have to create a strong password it won’t take nearly as long to think up something secure.

Password Tips and Recommended Practices

Don’t use personally identifiable information in your password, such as:
User name
Pet’s name
Child’s name
Alma mater
Hobby keyword
Addresses (Home or Office)

Try to use special characters, that is, non-alphabetic characters

Don’t use any word that can be found in the dictionary as your full password

Try to create passwords with at least eight characters

Don’t use the same password for online banking that you use for social networking, email or online gaming

Don’t give your password to someone over the phone

Try to use a password vault application to protect and help manage your many passwords. LastPass is a good option with support for multiple platforms

Try to change your most critical passwords on a regular basis

Tips for managing passwords:

Reusing the same password in both public and private applications is a big risk to take. Yet sometimes creating a different password for every website and every application can be problematic and a headache. If this does not work for you here is a tip to reduce the number of passwords while retaining some level of logical separation and risk reduction.

Group sites and applications into different categories such as:
Private – online banking
Personal – email accounts
Public – social networking
Business – corporate email, web, and VPN access

Create a password for each category. (This control limits the impact if one of the passwords is compromised.)

Choosing the password string:
Some of us are quite creative when thinking of passwords and others of us need some help. Here are some possible strategies for creating your passwords:
Think of a phrase, quote, or song verse and select the first character of each word to create a password.

“In the middle of a difficulty lies opportunity.” translates to “Itmoadlo.” Passwords are often case sensitive and here we’ve used a capital “I” just like the start of the sentence.
Vowels can be replaced with numbers to add entropy: for example, “Itmoadlo.” becomes “1tm0adl0.”

Punctuation is a good way to add entropy to your passwords as well as a little length. Note the use of the period punctuation mark in the password above. It is important to realize that the above strategy results in a password that is better than average but can still be guessed in time using today’s powerful computers. The key is to establish your own unique password creation pattern and ensure the password is of sufficient length. Password length is the most important factor in creating passwords.

Add length and in turn strength to your passwords!

Create a unique string that you can prefix or append to your passwords such as: prefix string + password = stronger password
tdr0cks! + itm0adl0. = tdr0cks!itm0adl0.
tdr0cks! + torvt11. = tdr0cks!torvt11.
The prefix string can be the same for all your passwords, which makes it easier to remember. However, the core password must be different for each website, application, or category. Also, the prefix string must not be a single character, as it’s common practice to brute force passwords using ! or 1 as the first or last character.

Use common but unrelated words

If the above strategies still look too cumbersome one can simply think of 4 or 5 unrelated yet common words and concatenate them together to create their passwords.

princess + toast + finance + captain = princesstoastfinancecaptain

The key to this common word strategy is picking unrelated words and building a sufficiently long password. It’s the length that really increases the password strength. Lastly it is recommended that these strategies be combined with the use of a password vault application to securely store your passwords.
*All passwords documented here are provided for illustrative purposes and as they are now public their use is contraindicated.
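
The tips above can be turned into an automated check. The following is an added example, not part of the original article: it flags passwords that are too short, contain personal details, are a dictionary word (also with a single character such as ! or 1 added at the start or end), or are shared between categories. The word list, personal details, function names and the character-swap table are constructed assumptions for illustration.

```python
MIN_LENGTH = 8  # minimum length from the tips above

# Assumption (not from the page): undo common character swaps before comparing.
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "@": "a", "$": "s"})

# Constructed sample data for illustration only.
SAMPLE_WORDS = ["password", "sunshine", "dragon", "monkey"]
SAMPLE_PERSONAL = ["jsmith", "Rover", "Springfield"]


def normalise(text):
    """Lower-case and reverse the swaps, so 'R0ver' compares equal to 'rover'."""
    return text.lower().translate(SWAPS)


def audit_password(password, personal_info, dictionary):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if password.isalpha():
        findings.append("no non-alphabetic character")
    plain = normalise(password)
    # Personal details (user name, pet's name, ...) anywhere in the password.
    for item in personal_info:
        token = normalise(item)
        if len(token) >= 3 and token in plain:
            findings.append(f"contains personal info: {item}")
    # A dictionary word as the full password, also after dropping a single
    # leading or trailing character such as '!' or '1'.
    words = {normalise(w) for w in dictionary}
    candidates = {plain, normalise(password[1:]), normalise(password[:-1])}
    if candidates & words:
        findings.append("dictionary word")
    return findings


def reused_across_categories(vault):
    """vault maps category -> password; return the categories sharing one."""
    by_password = {}
    for category, password in vault.items():
        by_password.setdefault(password, []).append(category)
    return sorted(c for cats in by_password.values() if len(cats) > 1 for c in cats)


if __name__ == "__main__":
    for candidate in ["Rover1", "sunshine!", "R0ver2024!", "kV7#tq-Lm2xz"]:
        print(candidate, audit_password(candidate, SAMPLE_PERSONAL, SAMPLE_WORDS))
```

An empty result only means none of these specific rules were broken; length remains the deciding factor in strength.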
