8 Tips for Creating Account Passwords
Updated: May 5, 2022
Passwords are the most common means of authentication, but they only work if they are complex and confidential. Below are some tips to help you create unique passwords and recommendations of tools you can use to manage those passwords.
Don’t Make Your Password Easy
We’re all guilty of it. Creating a pin with our birth month and day or even birth year. As tempting as it may be, including birthdays, names of family members, social security numbers, and phone numbers are not recommended. Oftentimes accounts will have specific password criteria; however, it’s recommended to create a unique password that uses a combination of numbers, symbols, and both upper and lower-case letters.
The Longer, the Better
According to the National Institute of Standards and Technology (NIST), you should consider using the longest password or passphrase permissible (8–64 characters) when you can. Long-tail passwords are harder to crack so the longer the password, the better.
A common mistake that users make when creating passwords is using the network name as the password. For example, having a Facebook password set as Facebook123. If you’re guilty of doing this, it’s time to get creative! As mentioned above, use a variety of characters. For example, “Pass Go and collect $200” can be transformed to “p@$$GOandCLCt$200”.
Never Share Your Password
It goes without saying, sharing your password is never a good idea. We understand that a password may need to be shared in a workplace for several employees to have access, but if necessary, avoid sharing your password(s) with anyone.
Use Multi-Factor Authentication
In the digital world, “multi-factor authentication” means adding another layer of security. Similar to “Two Factor Authentication”, it requires more than a username and a password to login to the account. This could mean that a code is sent to the account holder’s phone number or email address via email, phone call, or text. Once the code is received, they will need to enter that code to verify their identity in order to gain access to their account. This technique makes it more difficult for hackers.
Use Different Passwords for Different Accounts
Once you come up with a memorable password that is strong, it can be tempting to reuse it—don’t! We understand that you have multiple passwords for countless accounts and creating the same login for several different accounts would make your life a little easier; however, it’s suggested you don’t. Once one account is hacked, the hacker will try the same password to gain access on all of your accounts. We understand it’s unrealistic to remember hundreds of different, unique, and long passwords which leads us to our next tip…
Use a Password Manager
Whatever you do, don’t store a list of passwords on your computer in plain text. There are several online services that can help users safeguard passwords. Services such as LastPass, DashLane, and 1Password store passwords in the cloud and secure them all with a master login. If you are uncomfortable storing passwords to the cloud, you might consider using a local password storage program on your computer, such as Roboform, PasswordSafe or Keepass.
Update Your Passwords
The Better Business Bureau (BBB) recommends that you should change your password every 30 days; however, the National Institute of Standards and Technology (NIST) states that frequent password updates don’t improve security and changing your password once a year is fine. There are some other key times when you should update your password such as:
- After a service discloses a security incident.
- There is evidence of unauthorized access to your account.
- There is evidence of a compromise of your device.
- You shared access to an account with someone else and they no longer use the login (such as an employee who is no longer with the company).
- You logged in to the account on a shared or public computer (such as at a library or hotel).
In addition to the tips listed above, it’s also recommended that you keep your operating system, browsers, and other software up-to-date, use an anti-virus software, and use caution with email attachments and links.