Home > Password protection, Small Business IT > Password Dos and Don’t

Password Dos and Don’t

Here is a excerpt from my new book “Keep IT Simple” about passwords.  Why not subscribe to hear about release dates, and read other excerpts.

James calls in a panic one morning. He has just discovered his Facebook® account has been compromised and his account is now sending spam to all of his Facebook friends. He does not understand how someone could have guessed his password. I asked what him what his password was (you should never tell anyone your password) and he told me it was the name of his dog. He had included pictures and the name of his dog on his Facebook and Twitter profiles. Someone easily guessed that his password was his pet’s name.

Lesson: Never use a password that can be easily guessed.

Using a strong password is the first line of defense in protecting your data and identity. Create a strong password on all of your devices (including phones and tablets), systems and applications. Without a strong password, you are leaving the door to your data unlocked and wide open. Below is a list of password dos and don’ts.

Password Dos

  • Use uppercase, lowercase, special characters and numbers.
  • Use at least 8 characters. (The SANS Institute considers any password less than 15 characters to be “weak”.)
  • Use a different password for each account.
  • Change your passwords if you suspect it has been compromised.
  • Change your passwords frequently.
  • The SANS Institute recommends that all system level passwords (root, Windows Administrator etc.) be changed quarterly. All user level passwords (email, web, desktop computer, etc.) should be changed every six months.

Password Don’ts

  • Share passwords.
  • Use the same password on more than one account.
  • Write down your password.
  • Distribute passwords via email or instant messaging.
  • Leave a computer unattended while logged in.
  • Use your password or part of your password as the answer to a security question.
  • Use a dictionary word in any language.
  • Use dictionary words spelt backwards.
  • Use a spouse, child, pet, car, teacher, etc. name as part of (or as) your password.
  • Use your phone number, social insurance number, birth dates or license plate as part of (or as) your password.
  • Use QWERTY.
  • Use 12345678 or any variance of this.
  • Use easily substituted letter and characters i.e. password would be changed to pa55w0rd.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: