Password Safety Tips

Practicing password safety is becoming more challenging. Computer users may have dozens of passwords for many different types of software.

At your place of employment, you may use passwords for accessing secured databases, your local workstation, web-based information sources and accounts. Each of these may require unique password safety rules.

In addition, your employer may have specific policies which require you to change your passwords at specific time intervals, making memorization a challenge.

At home, a single computer user doesn't usually require a password to log on to their computer. However, if several people use the computer, then password use is more likely, especially for personal email accounts or websites.

Here are some tips for making your passwords more secure. The more secure a password, the less likely someone will be able to "crack" it. Using password safety techniques will help keep your computer and your files safe.


How to Create Strong Passwords

Choose a password with the following criteria:

  • At least 8 characters in length
  • At least 1 number
  • At least 1 special character like & or *
  • Both upper and lowercase characters.

Passwords with difficult combinations make it harder for password cracking tools to figure out your password.

I also think that using a phrase for my password makes it strong but easy to remember. For instance, if I used the first letter of each word of the phrase "I moved to New York in 1976!", my password could be "ImtNYi76!".

Don't use personal information such as birthdays, children names, or first and last names when creating a password. Avoid using words or phrases that could be found in a dictionary or easily guessed.


Password Safety 101

Don't share your password with others including your spouse, children, Help Desk personnel or System Administrators at work. IT professionals at your job or Internet Service Provider (ISP) will not normally ask you for your password.

If the IT professionals at your job need it, give it to them in person and ensure you change it as soon as they are done with their task. You may even want to change your password first to something generic, give the IT person THAT password, then change it back when they are done with their task.

Be aware of a common tactic used by hackers, in which they call up unsuspecting users and pretend to be from the computer support staff. This is more likely to happen in very large companies where users might not know everyone on the IT staff.

Another tactic is to send a legitimate looking email asking the user to type their password into what looks like a legitimate site; this practice is known as "phishing." Be aware that a legitimate businesses will NEVER ask you to submit personal information via email.

Also, be vigilant.. these phishing scams are not easy to spot. I make my living as an email administrator, and I was almost taken in by one of these scams. The email was supposedly from my AT&T Internet service account. I pay it each month on one of my credit cards. The email was "notifying" me that my credit card had expired and that I needed to update my credit card information to continue my service. There was just enough truth in the way the email was written that I actually started to click on the button to do it. Thankfully, my brain kicked in and I caught myself before I made the blunder.

If you use the web to access important personal information, such as online banking or health records, ensure that the website offering the service uses some type of secured method of encryption.

You can determine this by checking to see that the website's address (URL) begins with an "https://" (Note the extra "s").

Also, look for a yellow lock in the bottom right hand corner of the website page. That's an indication of SSL security being enforced.



Managing to Remember All Your Passwords

If at all possible, you should memorize your passwords. However, if you have multiple passwords from work, home, online business ventures and the bank and you don't have a photographic memory, you may be forced to write them down and put them in a safe place.

Use a password management application like Password Safe, a free application which allows you to store passwords for extra password safety. I use Password Safe and it works pretty well, because I only have to remember the password for the Password Safe database. All my other passwords are stored inside of that database.

Windows will also keep track of passwords for you, and automatically fill in your password for you each time you visit a website. This works for home systems in which you don't need to hide account information from anyone, but not such a good idea for the work environment. I wouldn't recommend this tactic on any machine that a stranger could access.

If you decide to write your passwords down, use your own "encryption" system.

Set up some kind of easy key that only makes sense to you, like substituting certain letters for numbers or writing the password down using the beginning and/or ending character and an "x" for all the other characters. Since you know what the password is, all you need is the hint of the first character. Or use an indirect "reminder". If your password is your grandfather's middle name, you could just write down "middle pop".. Only you would know what that meant.

I hope these password safety tips will assist you keeping your personal information safe.



Done with Password Safety, take me back to Computer Tips