Password Guidelines
Description
Passwords. Everyone has at least a few to keep track of, and probably more than that. Unfortunately, in an ever-more digital world, that is a fact that is unlikely to change.
We all know that passwords are a security measure, but what does that really mean? Think of the thing being protected as something of great value to you (if you don’t already). Maybe it’s your brand-new sports car or that home/castle where you like to stay safe and shut out the weather and other nastiness outside. Your passwords are the keys to all of those things. That makes them equally important to you, does it not? Data, especially data that identifies a person or allows access to accounts, is among the most valuable and easily compromised items around, with all of the interconnectedness of our modern world.
Here are some guidelines for the care and feeding of your passwords:
DO NOT SHARE THEM CARELESSLY
Do not write them on a sticky note and post them near where they will be used, or which could be lost or taken by any passer-by.
Do not put them underneath your keyboard. That’s one of the first places someone looking to get into your password-protected items will look!
DO look at and select a password vault of some kind to store them in, whether it be physical or software, and be sure to lock that, and update it every time a password is changed. A good software vault is Bitwarden. If you choose to use a software vault, make sure you record its password in a safe place. Passwords (keys) that are stuck in a vault that you cannot open aren’t terribly useful!
CHANGING PASSWORDS (Only change them when there is a reason)
If it is a shared password, and one or more people who legitimately had access to it no longer should, it’s probably time to change your password, unless you prefer leaving the pathway to your valuable item(s) essentially wide open.
If you have had the same password for something for a long time, and have used it at all, it is probably time to change it. Bored people LOVE puzzles because they give them something to do. Unchanging passwords are just asking for someone with nothing better to do to crack them.
If there is no access to the password, or what it protects, there’s little need to change it. For example, that password vault that you don’t let anyone near, and never share the key (password) with anyone.
CREATE SECURE PASSWORDS
Passwords should:
Be at least 8 characters long
Include at least one upper case letter
Include at least one lower case letter
Include at least one number
Include at least one “special character”, such as the following: !@#$%^&*(). These are essentially “capital” numbers.
Passwords should not
Be the same as our login name
Be an easily guessed consecutive string such as 12345 or ABCDE, or even 1234abcd
Be your SSN or some other important ID number
Be your name, or those of your family, pets, or coworkers (flattering as that might be for some)
Be an address, though that might otherwise be a reasonably secure password.
I.E. 123_My_House! ← While this fits all the “shoulds”, it is a bad idea!
Creating pronounceable passwords, while good for memorizing them, is not the most secure way to go. If you want a pronounceable password, you should create it as such, and then replace some letters with similar-appearing numbers and special characters. For example, a password containing the letter “i” might have that “i” replaced with a 1 or a !.
Remember, these are the keys to all your important valuables. Treat them as such!