Password Best Practices – I know, AGAIN!

Robinson+Cole Data Privacy + Security Insider

With the uptick in high-profile security breaches like those at the Office of Personnel Management, Target, JPMorgan and others, it is easy to become desensitized to the constant risk our cyber lives pose, both personally and professionally. Information Technology departments have been rallying the battle cry about the necessity of using strong, complex passwords for decades now, to the point where discussing password best practices has become cliché. However, weak password practices continue to be one of the largest threats to both individuals' and businesses' cybersecurity.

According to Verizon's 2015 Data Breach Investigations Report, credential hacking is still the most common threat action. When you consider the number of devices, websites and systems you have a password for, it is not hard to appreciate the need for good password practices. Outlined below are the Dos and Don'ts for creating and maintaining strong, complex passwords, all commonly considered best practice by security experts.

Do:

  • Create passwords that are a minimum of 10 characters long, preferably longer.
  • Use mixed case, alphanumeric AND special characters (#, !, @).
  • Create a unique password for every device, website and/or system that requires authentication.
  • Choose multi-factor authentication whenever possible.
  • Change your passwords often, preferably every 60-90 days.
  • Use a password checker like Microsoft's, available here.

Don’t:

  • Use dictionary words or sequential numbers (e.g. password or 123456).
  • Use proper names in your password.
  • Allow a website, system or web browser to "remember you," save your password, etc.
  • Reuse your passwords.
  • Write your passwords down anywhere.

Example:

To create complex, unique, strong passwords that are easy to remember use a pass phrase and inject an identifier that is website or system specific.

mutatis mutandis becomes mU+@+15mU+@nd15

This is certainly a complex password. Now add the unique identifier. If this password were to be used for an email account you might use mU+@+15emailmU+@nd15. If for a shopping website you might use mU+@+15sitenamemU+@nd15, and so on.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
