Password Security & Best Practices – A Refresher

Foley Hoag LLP - Security, Privacy and the Law

As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (“HC3”) recently published a set of password security suggestions and best practices. Here are some of HC3’s key takeaways:

  • Use multi-factor authentication when possible.
  • Use different passwords for different accounts.
  • Make passwords that are hard to guess, but easy to remember.
    • To make passwords easier to remember, use sentences or phrases. Example: “pineappleonpizzaistasty”.
    • Hackers will use dictionaries of words and commonly used passwords to guess your password. Avoid single words, or a word preceded or followed by a single number (e.g., Password1).
    • Do not use passwords that are based on personal information that can be easily accessed or guessed (e.g., birthdays, children’s or pets’ names, car model, etc.).
    • Length over complexity:
      • The longer a password is, the better. Use the longest password or passphrase permitted by each password system.
    • But complexity still matters:
      • To increase complexity, include upper- and lower-case letters, numbers, and special characters. Example: “pin3appl30nPizzaI$Ta$ty”.
    • Never reveal your passwords to others.
  • Password management tools, or password vaults, are a great way to organize your passwords.
  • Enable “Show Password” where possible.
    • It is unlikely that the person behind you is going to record your password data, so there is little reason to hide your password as you type. You are more likely to make mistakes in typing if you cannot see the characters, and mistakenly think you have forgotten your password. This error leads to potential data exposure every time you need to reset your password.
  • Store securely:
    • Not on a Post-It under your keyboard.
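As an added illustration (not part of HC3’s guidance or this post), the following Python function turns the takeaways above into checks a password policy or onboarding tool could run: length, the “single word plus one digit” pattern that dictionary guessing covers first, and character-class variety. The word list and the 14-character threshold are assumptions chosen for the example.

```python
import re
from typing import List

# Constructed stand-in for the dictionaries and leaked-password lists that
# guessing attacks draw from; a real deployment would load a large list.
COMMON_WORDS = {"password", "pineapple", "welcome", "letmein", "qwerty"}


def password_issues(pw: str, min_len: int = 14) -> List[str]:
    """Return the guidance points a candidate password violates.

    min_len is an assumed threshold; HC3 only says "the longer the better".
    """
    issues = []
    if len(pw) < min_len:
        issues.append(f"shorter than {min_len} characters")
    # A lone word optionally wrapped in a single digit, e.g. "Password1".
    m = re.fullmatch(r"\d?([A-Za-z]+)\d?", pw)
    if m and m.group(1).lower() in COMMON_WORDS:
        issues.append("single dictionary word with at most one digit")
    # Character classes present: lower, upper, digit, special.
    classes = sum(
        bool(re.search(p, pw))
        for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]")
    )
    if classes < 3:
        issues.append("fewer than three character classes")
    return issues


if __name__ == "__main__":
    for candidate in ("Password1", "pineappleonpizzaistasty", "pin3appl30nPizzaI$Ta$ty"):
        print(candidate, "->", password_issues(candidate) or "no issues")
```

Run against the post’s own examples, “Password1” fails the length and dictionary checks, the plain passphrase passes on length but lacks character variety, and the mixed-case variant passes all three.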


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Security, Privacy and the Law | Attorney Advertising
