Author Elaine Harrison-Neukirch
If you use online accounts or apps on mobile devices, you are familiar with passwords.
Do you use the same password for multiple accounts?
Do your passwords contain your pets or children’s names, birthdates or other personal information?
Are your passwords easy to guess?
Have you shared passwords with friends or family members?
Do you keep your passwords listed in a document on your computer/ mobile device or written on paper?
Did you answer “yes” to any of these questions? If so, you are not practicing good password hygiene.
What is good password hygiene?
Good password hygiene are best practices for creating and managing passwords. These are steps that should be taken in order to ensure that your passwords are not obtained by people or groups who have malicious intent (also known as threat actors). These steps help keep your online accounts secure.
Use longer passwords or passphrases
A passphrase is a string of words that may be easier for you to remember and will be difficult for someone to guess or use software to “crack.”
An example of a passphrase is donutsandcoffeeforbreakfast.
You can add in capital letters, numbers or symbols as well depending upon the password requirements for the application you are using.
DO NOT use the same password for multiple accounts
Using the same password for multiple accounts makes it easy to remember the password. However, it also makes it easy for someone who has your password to gain access to multiple accounts.
For example, your Facebook password is acquired by someone with malicious intent. They may already know of your other social media, financial and shopping accounts. They can then attempt to get access to the other accounts by guessing the username and using the stolen password.
DO NOT include personal information in your passwords.
Using your pets’ or childrens’ names, any birthdates or other personal information may make it easier for someone to guess. This information can likely be found on social media and other public record sites.
Use a password manager
A password manager is an application that securely stores your passwords and usernames. When you create a new password or change one, this is added to the password manager. Some password managers that are available are:
There are antivirus vendors who include a password manager in their subscription. Check with your antivirus vendor about your subscription.
Change your passwords every 90 days
The standard amount of time to change a password is 90 days. You can certainly change them more often. By changing passwords on a schedule, this will help to keep your passwords from being guessed or cracked.
Have I Been Pwned is a free service that will notify you if your email or other information has been found in a data breach. If you sign up for notifications and get one, it is suggested to change your passwords as a precaution.
This is just a basic summary of good password hygiene. There are other steps to be taken to add additional layers of protection. Once being adding two factor (multi factor) authentication to accounts that offer it including social media, shopping and financial accounts.
About the Author: Elaine Harrison-Neukirch has over 10 years of experience in cyber security working in the healthcare and financial services industries. She currently runs the customer support program at SCYTHE. Elaine advocates for Women in Cybersecurity; she is a member of both Women in Cybersecurity and Women’s Society of Cyberjutsu. She is also the Education Director for CSNP. @rubysgeekymom