Tips on choosing the Right Password

We’ve been on the internet for almost 35 years, yet we still haven’t learned our lesson about online passwords. According to a recent security study, the most commonly used web passwords are things like “123456” and “password.” Sure, they’re easy to remember, but that makes them just as easy to hack. And if you use that simple password across multiple accounts—as a reported 92 percent of online users do—that puts all of your data at risk. Here are some tips for ensuring your passwords are as strong as possible.

1. Don’t Use the Same Password Over and Over Again: Passwords should be changed on a regular basis, at least once every 180 days.The primary reason is that if someone has cracked your password without you being aware of it, it makes them have to start all over again.A strong password is never reused.
2. Categorize Your Passwords: Categorize your passwords in order to minimize the number of passwords you have to remember but also to provide a barrier between systems with sensitive information and those with non-sensitive information. For example, you can use the same password for Gmail and Hotmail, but you should not use the same password for your online banking program.The password you have for your Hotmail (or other Internet email services) should be different than the passwords you use on any work-related systems.
3. Change passwords often: It is important to not reuse passwords and change your passwords on a regular basis.
4. Avoid using words found in a dictionary: Instead of people guessing passwords, now computers are guessing passwords.For this reason, if your password is made up of words found in a dictionary, it is very easy for a computer to guess it and gain access to your account.
5. Make passwords long: 8 characters long or longer is suggested.
6. Make passwords complex: Use uppercase, lowercase, special characters, and numbers.
7. Don’t re-use passwords: Try not to re-use one of your last five passwords in any form of iteration (e.g. mypassword_2017, maypassword2018 etc.)
8. Make passwords non-personal: Avoid using things like your name, birthday, current year, current season, address, phone number, pet’s name, or other information that may be on social networking profiles, public records, or otherwise easily found or guessed.
9. Watch where you store passwords: If you absolutely need to write down a password, never store it in obvious places, such as address books, Rolodex files, under drawers or keyboards, or behind pictures.The worst, but all too common location, is a Post-it note near the computer. Better locations are a safety deposit box or a locked file cabinet. Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form.
10. Be cautious when using public PC’s: Public computers may not always be securely configured pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you cannot verify the security of the computer.
11. Be cautious when asked for passwords: Don’t forget that getting passwords by manipulation of users is an example of social engineering. An attacker might telephone a user and say, “Hi. OIT here. We’re doing a security test. Can we have your password so we can proceed?” Know that any reputable company you do business with will ever ask for your password, and rarely, if ever, need to know your password in order to perform the work.