When it comes to passwords, there are too many opinions on the “right” thing to do.  Do you change them every 3 months, 6 months, 2 years?  Should you use capital letters, lowercase letters, or numbers and symbols?  Do you need a password of 12-15 characters or 15-20?  To dissipate all the confusion, we are giving you our top suggestions for password creation and management.  We don’t want your first line of cyber defense to be weak – and neither should you!

Character Count and Complexity

Some studies show that the human brain can only remember 10 characters at a time.  However, credit card numbers are a whopping 16!  Those who can remember a credit card number defeat the status quo!  So, we suggest a password of 12-15 characters.  This is relatively average as far as password length goes, so for an added level of security, we suggest complex characters.

When you see 4gh-Hpy#ttBsv, it looks as random as ever.  This kind of random complexity is hard to remember, making it easier for you to click “I forgot my password!”  This will lead you to create an easy-to-remember password that might not provide enough security.

12-15 characters in a password that is complex isn’t hard to do.  Which leads to our next suggestion.

Passphrases

If you’re reading this post, there’s a good chance you’ve heard of passphrases.  Similar to a pneumonic device, passphrases are passwords made out of phrases that only YOU would know.  For example:

Think of two facts about yourself?

Do you have them?

Good!

Let’s pretend those facts are that you’re from Mississippi and your favorite color is blue.  We’ll turn that into a phrase!

I am from Mississippi and my favorite color is blue.  This is a phrase only you would know, because it is (relatively) specific to who you are!

Now, let’s turn that into a password:  frmMi$i$iP1&Blu

This is a 15-character passphrase with capital and lowercase letters, symbols, and a number.

Certainly, your passphrases do not need to be THIS complex, but the more complex they are, the harder it is for a hacker to guess it.

When to Change It Up

Some people suggest changing your password every three months, six months, two years…it’s exhausting.  We suggest that a password is strongest in its first year.  You should change your password every year or 1.5 years.  If you change your password too often, there is the likely chance you will create an easy-to-remember password or modify your existing one by a character or two.  This is not a secure method of change.  We all get annoyed with the “It’s time to change your password” notification, so set one on your calendar for yourself!  That way you know when the year of your password has passed, and it’s time for a new one.

Sharing Isn’t Necessarily Caring

We highly recommend you don’t share your password with anyone.  There may come a time when you have to share an account with a co-worker, and in that situation we recommend setting a temporary password.  Set a temporary password for your co-worker for a certain amount of time.  Once they are done with what they need, change the password back to either the original, or change it entirely if you are extra cautious.  This also comes with not writing down your passwords.  While it may sound far-fetched, hackers could easily hack into the camera on your laptop or phone and see your discarded Post-It.  Also, insider threat is the biggest cyber threat in businesses, now, so always keep your passwords protected.  You may trust your co-workers, but you never know who is trying to get your sensitive information or the company’s.

Two-Factor Authentication

This is an added level of protection on top of your password.  Some accounts require two-factor authentication through a phone call, text message, or through an extra security question.  Technology has advanced so much now that one form of authentication is facial recognition.  If you can, we suggest applying a second form of authentication to the critical files or more personal accounts.

No Dictionary Words

One of our biggest suggestions?  Avoid the dictionary.  Even the least sophisticated of password-cracking tools have a list of dictionary words to see if you used one.  Once a hacker finds out that word?  Hackers have the upper hand on your password security.

You’ve Probably Heard This One…

Don’t use the same password for every account you open.  This should be obvious, and we get it!  We’ve all used one or two passwords for every account we have.  But we recommend that when you’re changing your passwords, REALLY change them.  Use different passphrases or passwords for different accounts – period.

Avoid P@$$w0rD Like the Plague

WHATEVER YOU DO, DO NOT MAKE YOUR PASSWORD “password.”  Should be common knowledge, but “password” is still one of the most common passwords along with “password12345” and “user.”  Securing your password, your first line of cyber defense, isn’t a situation for laziness.  Create thoughtful passwords and passphrases to avoid regrets in the future.

If you do make your password “password,” just know we’ll be looking at you like this…