Creating a Secure Password
Your password is more than just a key to your computer or online account. It is a gateway to all of your important information. If your password falls into the wrong hands, a cybercriminal can impersonate you online, access your bank or credit card accounts, sign your name to online service agreements or contracts, engage in financial transactions, or change your account information. Unfortunately, many users are still not taking the necessary steps to protect their accounts by using strong passwords. Far too often, passwords with simple combinations (such as 123456, password, qwerty, or abc123) are being used. In other cases, people simply use their pet’s name or their birth date — information that can be easily found online, such as on a Facebook or genealogy page.
How to Create Secure Passwords:
Cybercriminals have developed programs that automate the ability to guess your passwords. To protect yourself, passwords must be difficult for others to guess but, at the same time, easy for you to remember. Here are some recommendations:
- Passwords should have at least eight characters and include uppercase and lowercase letters, numbers, and symbols.
- Avoid words and proper names, regardless of language. Hackers use programs that try every word in a dictionary.
- Don’t use personal information — names, birthdays, etc., that someone might already know or easily obtain.
- Change passwords regularly — at least every 60 days. If you believe your system or an online account you access has been compromised, change your passwords immediately.
- Use different passwords for each account you have.
- Make sure your work passwords are different from your personal passwords.
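The recommendations above can be expressed as a checker. This is an added example, not part of the original newsletter; the word list, the substitution table, and the function names are constructed stand-ins. It shows that a password such as P@ssw0rd1 satisfies the character rule yet still fails the dictionary rule.

```python
import re

# Constructed sample data (assumptions for illustration, not from the newsletter):
COMMON = {"123456", "password", "qwerty", "abc123"}  # weak examples the page names
WORDLIST = {"password", "dragon", "summer", "welcome", "monkey"}  # stand-in dictionary
LEET = str.maketrans("0134578@$!", "oleastbasi")  # common look-alike substitutions


def normalize(text):
    """Lowercase, undo look-alike substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_info=()):
    """Return the recommendations the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if password.lower() in COMMON:
        problems.append("on the list of common passwords")
    folded = normalize(password)
    if any(len(w) >= 4 and w in folded for w in WORDLIST):
        problems.append("contains a dictionary word")
    # Personal details: names are compared after normalization (so "Rex"
    # matches "r3x"); all-digit items such as a birth year are compared as digits.
    digits = re.sub(r"\D", "", password)
    for item in personal_info:
        if item.isdigit():
            hit = len(item) >= 4 and item in digits
        else:
            hit = len(normalize(item)) >= 3 and normalize(item) in folded
        if hit:
            problems.append("contains personal information")
            break
    return problems
```

In practice the stand-in word list would be replaced with a full dictionary, and `personal_info` would hold the names and dates tied to the account.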
Protecting Your Passwords:
- Do not write down your passwords. If you need to remember your passwords, write down a hint to a password, but never the password itself. Store the hint in a safe place away from your computer.
- Do not share your password with anyone — attackers may try to trick you via telephone calls or email messages into sharing your password.
- Do not reveal your password on surveys, questionnaires, or security forms.
- Decline the “Remember Password” feature in Web browsers.
- Always remember to log out when using a public computer.
- If you need a utility to store your passwords, an “electronic vault” may be a viable option. When deciding which password manager/electronic vault to use, look for programs that use powerful encryption algorithms, keylogger and phishing protection, and lock-out features. (Please Note: The MS-ISAC does not endorse any particular password vault or software for storing passwords.)
- At work, follow your organization’s password policy.
Resources for More Information:
- MS-ISAC Newsletter – Challenge or Secret Questions:
- US-CERT – Choosing and Protecting Passwords: http://www.fsbwc.com/external-link-disclaimer/?http://www.us-cert.gov/cas/tips/ST04-002.html
- US-CERT – Supplementing Passwords: http://www.fsbwc.com/external-link-disclaimer/?http://www.us-cert.gov/cas/tips/ST05-012.html
- Purdue University – Password Manager Software: http://www.fsbwc.com/external-link-disclaimer/?http://www.purdue.edu/securepurdue/docs/policies/PasswordManagerSoftware.pdf
- Microsoft®: Create Strong Passwords: