Updated: Mar 31
It all starts with a strong password. We all have more passwords than we care to have. It might sound simplistic, but strong passwords are a must for good security. Strong passwords to your web, ftp, and data servers are the easiest first step toward a secure web presence.
What Makes a Strong Password?
- A three-character password is much weaker than a six or eight character password. A good rule of thumb is never to use password shorter than eight characters.
- You should never use the default password
- Never make a word found in a dictionary your password. One of the most common methods to break into systems is to run scripts that try using dictionary words to guess your password. The less your password looks like a dictionary word, the less likely will someone guess what it is.
- Include numbers and special characters
- Avoid repeated numbers, characters or sequences such as 12345678, bbbbbbbb, or 33333333
- Never use the username, or any combination of it, as your password. Don't use your domain name as your password either.
- Don't use look alike substitutions like 4ufromme, or n0t@home
- Use the entire keyboard, and try to use the less common keys
- Use different passwords for different accounts. If you use the same password for all of your accounts, you may find multiple of your accounts compromised simultaneously.
- Never, ever use a blank password.
Examples of strong passwords are:
A combination of several words that aren't themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0)
A word with digits of a memorable date sprinkled inside it (e.g., vacation -> 0vac2a0t9io19ln99)
Keep Your Passwords Safe
Ideally, you would never write down your passwords, but it is becoming difficult to do with so many accounts. If you have to write them down, keep them locked in a safe or some other secure environment. Passwords on Post-It notes are a recipe for disaster. Don't do it!
Don't share your passwords with other, not even friends or family members. If someone has to use one of your accounts, log them in instead of sharing your password. Don't give out your password over the phone unless you have initiated the phone call. For example, you may receive a phone call from your Internet Service Provider asking for your password. Ask for their phone number, call them back, then give out your password. Telephone conversations are not considered secure. Neither are online chat, email, or instant messaging.
Change your passwords regularly. A new password every 45 days is a good practice. Having the same passwords for years is a weak security practice. Set yourself reminders in your calendar. Make it a routine procedure. You'll see that after a few months, it becomes a habit.
Avoid typing your password on public computers. Unfortunately, many public computers have been compromised, making their users vulnerable for malicious keystroke logging scripts.
If you have any questions or need assistance with taking any of these security measures, contact Micro-IT! micro-it.net