In a perfect world, you would use a different long, complicated password for everything you want to keep private. Even those of us who should know better don't always do that. So let's get real. If you can't quite follow ideal-world guidelines, here are some down-to-earth tips to make you more secure.
Not all password-protected information is created equal. Some information is very sensitive, and other information is not sensitive at all. There are two major categories of logins:
Before you select a password, think about what kind of information your password is supposed to keep secure. Then choose your password length, strength, and complexity accordingly.
Strong passwords are really more like "passphrases," because they aren't just a regular word. A strong passphrase has these characteristics:
There are a number of sites that can help you strengthen your passwords. For example, Strong Password Generator will generate a truly random password for you. And Microsoft's Secure Password Checker will evaluate your password's strength.
Another easy way to create a strong password is to start with a phrase you know and will remember and develop your password based on that phrase.
Some general guidelines for password security include:
For added password security:
To learn more, see Microsoft's article, Tips for Top-Notch Password Security for small businesses.
Given the number of times we log in to different sites and programs every day, people have a natural tendency to reuse passwords. It's easier to remember one complicated password than dozens. But reusing passwords means a hacker who gains access to one account could easily gain access to others.
A password manager can make password security much less burdensome. A password manager is software that remembers all your passwords for you. You create one super-strong password to log in to the password manager, and that's the only password you actually have to remember. This means you can create long, complicated passwords to your heart's content without having to memorize them.
There are a lot of password management tools out there. A few well-reviewed ones are LastPass, RoboForm, and KeePass. For more information, TechSoup Canada has a good roundup of additional password manager resources, including advice about what password manager features to look for.
Every organization should have a password policy to help staff use passwords correctly and securely.
If you're in charge of creating password policies for your organization, here are some suggestions.
A few other tips:
For a sample policy, see the SANS Institute's Sample Password Policy (pdf).