
Password advice


Don't reuse passwords - Even if your organization has not been breached, password reuse puts it at risk. Cybercriminals know that if a password was ever used before, it's likely to be found again. With a solid cracking dictionary, the cybercriminal never needs to resort to brute-force guessing, and hashed passwords become only an inconvenience. Cracking dictionaries and rainbow tables are commonly shared among cybercriminals.

Don't use commonly used passwords - Require every new password to be checked against a "blacklist" that can include repetitive or sequential strings, variations on the site name, and the passwords hackers are most likely to guess.
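A sketch of such a check, added here as an example and not taken from the original page. The common-password list is a tiny constructed sample, the site name `examplebank` is hypothetical, and the character-substitution map is an assumption; the 8 and 64 character bounds come from this page's length guidance.

```python
import re

# Constructed sample; a real deployment loads a large list of common/breached passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou", "welcome"}
# Assumed character substitutions to undo before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LEN, MAX_LEN = 8, 64  # bounds taken from this page's length guidance


def normalize(pw):
    """Lowercase, drop trailing digits/symbols, then undo substitutions."""
    stem = re.sub(r"[^a-z]+$", "", pw.lower())
    return stem.translate(LEET)


def check_password(pw, site_names=("examplebank",)):
    """Return the list of reasons to reject pw; an empty list means accepted."""
    reasons = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        reasons.append("length")
    low, norm = pw.lower(), normalize(pw)
    if low in COMMON or norm in COMMON:
        reasons.append("common")
    # Whole password is one short unit repeated, e.g. "aaaaaaaa" or "abcabcabc".
    if re.fullmatch(r"(.{1,4})\1+", low):
        reasons.append("repetitive")
    # Whole password is a slice of an alphabet, digit or keyboard row, either direction.
    if len(low) >= 4 and any(low in s or low in s[::-1] for s in SEQUENCES):
        reasons.append("sequential")
    # Site name survives normalization, e.g. "ExampleBank2024!".
    if any(name in norm for name in site_names):
        reasons.append("site-name")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024", "12345678", "abcabcabc",
                      "ExampleBank2024!", "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

Matching on the normalized form is what catches decorated variants of a listed password; an exact-match lookup alone would accept them.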

Don't use compromised passwords - Always change your passwords every 6 to 12 months, because new data is being stolen and sold every day. If you have a data breach or you know your password has been compromised, change your password immediately.
  • It closes a glaring gap that otherwise leaves your password layer completely open to credentials exposed in third-party breaches.
  • It ensures that your passwords are unique enough to not be reversible using cyber-criminal cracking dictionaries.
  • Increase password length & simplicity - Keep passwords simple, long and memorable, since longer passwords are harder for hackers to break. We are really bad at random passwords, so the longer the better. Length matters a lot more, which is why new guidelines call for a strict 8-character minimum and even suggest moving character maximums to at least 64.
  • Phrases, lowercase letters, and typical English words work well. Experts no longer suggest special characters and a mix of lower and uppercase letters. If you can picture it in your head, and no one else could, that's a good password.
  • Longer passwords are harder for hackers to break.
Add extra security with Account Authentication: Learn more

More Tips for Making Your Password Safer:

  • Use different passwords for every account that you have. 
  • Don't use the same password or user name again.  Many online stores and even some information-based websites require that you register to use their service, and that requires having a username and password. No matter how easy it seems to have one username and password for all your Internet accounts, don't do it. If you desire convenience, create one password and user name combination that you use for all your non-bank accounts. If an online store, or any website, sends you an email confirmation that contains a new password, log in again and change your password immediately.  
  • Create a different password for your financial institution. Remember, many websites don't have the security your online financial institution does. Don't allow your password to inadvertently be revealed or misused.
  • Log off each time if using a public device or if people are around who can see your password.
  • Make sure that no one is watching you enter a password.
  • Try not to enter passwords into public computers, such as at the library. These often have malware on them that steals passwords.
  • Use security software and update it regularly.
  • Do not give your password to anyone. Though you might trust them now, there is no guarantee that they will always have your best interest in mind.
  • Avoid entering any password into a device when connected to an unsecured Wi-Fi connection, such as at a coffee shop or airport.
  • Use a minimum of eight characters and mix up numbers, letters, and symbols in the password.
  • Don't save the password on your computer.  Many modern browsers allow you to save passwords on the computer's hard drive and have them come up as you type in your username. It may be convenient, but you allow anyone with access to your computer, whether for a couple of minutes or hours, the ability to access your account. It may never happen, but don't make it easy for your account to be accessed.

Use a Password Manager

The best way to deal with password management is to make a small investment into purchasing a password management service that will store your passwords in both the cloud and your computer.  A password manager helps you easily create, store and recall passwords which makes it easier to employ strong passwords across an ever-increasing number of accounts, websites, and services.  Many of them are both a website and an app, so you have access to all your passwords regardless of what device you're on.

The best thing about these is that you will only have to remember one master password, and that will give you access to the rest of your passwords. They also include a password generator tool that allows you to make passwords that can't be cracked. You also won't have to remember these passwords because they are all stored in the manager.

Using these password management tools is extremely easy, and you will never take the chance that you will forget a password ever again. You can easily log into any internet site with only a single click of the mouse.  These programs automatically sync your password data, so you can access them from anywhere whenever you need them. They are also safer than not having one, and they help to protect you from online fraud, phishing scams, and malware. They are also extremely secure, and all of your data is locally encrypted on your PC, and only you have the power to unlock it. Because most password managers sync your information in the "cloud" (online), you'll have access to everything, regardless of the device you're logging in to. Therefore, if you add a new password on your smartphone, and then sit down at your desktop computer later, you'll find that everything has been synchronized.

Use a password manager to store your Q&As.  Remember, your password manager isn't just for passwords. Assuming the Password Manager account is secured with a strong password itself, and with two-factor authentication, you can store answers to account questions in there, too.  

What Makes A Good Security Question?

If you do not use a Password Manager, you will want to pick a security question that is very hard to guess or find out, both for strangers and for people who know you well. Keeping in mind that you may have to answer the question a few years from now, the answer shouldn't change over time, or at least you should be able to answer it correctly in the future.

Here are 3 good security question habits:
  • Hard to guess or find out 
  • Easy to remember 
  • Doesn't change over time 

How secure are password managers?

For each website or app password you keep, you can choose to require the master password only or a master password and a PIN code or fingerprint (on a mobile phone or tablet) for "two-factor authentication."

But what if your phone, tablet, or laptop is lost or stolen? Can't someone access all your passwords if they figure out your "master password"? You need not worry about this as your device has to be unlocked first — that is, a person would first need to know your PIN or password — and then guess your master password, too, which is highly unlikely. And since you can log on to your password manager from virtually any device, you can log in from another machine and change your master password — just in case.

Not only do password managers let you keep your favorite passwords, but you can also lean on the app or site to create a tougher password if desired. All passwords are encrypted with Secure Sockets Layer (SSL) and AES-256, the strongest grade of encryption available (banks use 128- or 256-bit encryption).

Password managers may offer these additional features:
  • Some aren't just for filling out online passwords but can also help populate other tedious online forms, such as billing or address information.
  • Since this is a privately accessed app or website, you can often keep sensitive or important information — like notes, photos, and other files — safe and easily accessible.
  • A few of these password managers can also scan the internet (including the "dark web") for leaked or stolen personal data, and will alert you the moment your information is detected where it shouldn't be.
  • Some password managers double as a VPN, or virtual private network, which helps you remain anonymous while browsing the internet. Using a VPN hides your online activity from your ISP, search engines, advertisers, social media platforms, the government, and cyber-snooping criminals.
  • A few of these password managers can also hold a list of emergency contacts, in the event you need to provide a friend or family member access to your accounts — or if you pass away and want to leave these passwords to a trusted family member or friend.
Here's what to look for in a password manager:
  • One that can sync across multiple PCs and multiple browsers.
  • Has a smartphone app that syncs with the cloud.
  • The security of password managers is almost a nonissue at this point, as most of them have such high levels of encryption that they are extremely difficult to crack.
  • The real vulnerability that you will experience when using a password manager is with your personal computer and any malware that can capture screenshots or keystrokes. Make sure that you are running virus scans and updating your antivirus software to prevent infections.
  • Another thing that you can do is to use the onscreen keyboard to enter passwords instead of the keyboard itself. This helps you to avoid tracking.
