Password Best Practices

How to keep your online accounts safe

Having a strong and secure password is one of the most important tools when it comes to safety online. Without a secure password, your account and information can end up in the wrong hands, or worse, published on the Internet for anyone to exploit.

To help you understand what makes a good password, we've compiled some myths, tips, and best practices on password management below.

Password Myths

  • Should you regularly change your password(s)?
  • Are longer passwords more secure than shorter ones?
  • Are viruses and malware the biggest threat to my personal information?
  • Are password managers safe?
  • Is it safe to save my password in my web browser?

Tips for Strong Password Security

Use different passwords for different things

Using the same password for everything makes logging in easy, both for you and for a hacker.  If that password is leaked or compromised, multiple accounts are all at risk!

Use unique passwords whenever possible, and especially avoid using the same password for multiple, important accounts.  This is particularly important for email accounts, which are often used for password resets. 

Try a random, pronounceable password generator

Random, pronounceable passwords are passwords made up of randomized, normal words.  These are far easier to memorize than random characters, but because of their length, can be almost uncrackable!

To use this style of password, your password must be truly random.  Consider using a password generator like this one.  Try generating passwords until you find one that makes you laugh - connecting your password to humor makes it easier to remember!

Consider completely random passwords, stored in a password manager

Password managers like LastPass, 1Password, Enpass, and Dashlane offer a very powerful and secure method of password protection: completely random passwords. 

To use this method, set up your password manager with a primary password that you will not forget.  Then, every time you create or change a password, use a completely randomized, 20 character (or more!) password.  

Randomized passwords of this length are nearly uncrackable.  You'll never need to memorize them - just store them in the password manager, and autofill them when needed.  As long as you remember your primary password, your accounts will remain nearly unhackable!
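The two approaches above (random words, and 20 random characters) can be compared by their entropy. The Python below is an added example, not part of the original article: it draws both kinds of password from the operating system's secure random source and calculates how many words a passphrase needs to match a given strength. The function names and the short DEMO_WORDS list are constructed for illustration; the 7776 figure is the size of a Diceware-style word list.

```python
import math
import secrets
import string

# Constructed sample list for the demo only. A real generator should load a
# large published list (Diceware-style lists contain 7776 words).
DEMO_WORDS = ["apple", "bridge", "candle", "dolphin", "ember", "forest",
              "garden", "harbor", "island", "jungle", "kettle", "lantern",
              "meadow", "nickel", "orchid", "pepper"]

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def passphrase(words, count, sep="-"):
    """Pick `count` words uniformly using the OS CSPRNG (secrets, not random)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length=20):
    """Fully random password, the kind meant to live in a password manager."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def words_needed(target_bits, list_size):
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    target = entropy_bits(len(ALPHABET), 20)
    print(f"20 random characters: {random_password()} ({target:.1f} bits)")
    demo_bits = entropy_bits(len(DEMO_WORDS), 4)
    print(f"demo passphrase: {passphrase(DEMO_WORDS, 4)} "
          f"({demo_bits:.1f} bits; the demo list is too small for real use)")
    for bits in (64, 80, target):
        print(f"{bits:.0f} bits -> {words_needed(bits, 7776)} words from a 7776-word list")
```

The strength of a word-based password comes from the size of the list and the number of words drawn, not from the words themselves, which is why the words have to be chosen by the generator rather than by you.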

Put a password on your computer and a PIN on your phone

Many people save their passwords in an unlocked file on their phone or computer.  While this is a step up from the classic post-it note, this is still extremely exploitable.  The ITS Help Desk definitely recommends using a password manager instead, which is much more secure.

However, if you must use this method, set up a PIN and/or password lock on your phone and computer.  That way, if it is stolen, your personal information is not at risk!

More Information

  • Changing your Password
  • Password Math
  • Social Engineering
  • Password Managers