PASSWORD DO’S AND DON’TS – Password Management

CHANGE YOUR PASSWORD MANAGEMENT STRATEGY TODAY!

If you have a poor password your website is at risk! Spammers and Phishers constantly try to break into websites that have poor passwords, once in they use your website to host fake websites intended to deceive people into providing private information, or they use your website’s sendmail service to send spam from YOUR email address. The #1 way to protect yourself is YOUR PASSWORD. We encourage all users to choose a difficult password using the following tips listed below.

Passwords aren’t suppose to be easy, they are intended to protect you, so don’t make it easy!

Login NOW and change your password to something hard!

Some Password Examples:

• Bad Password: charlie
• Better Password: Violet-River-Laptop-Canvas
• Bad Password: password
• Better Password: wK7v!Q3hMZp2@9Lf

Password Management Do’s

• Use a long passphrase (12–16+ characters), ideally four or more random words, or a randomly generated 16–24 character password from a password manager.
• Focus on length and uniqueness rather than forced composition rules. You don’t need a specific mix of upper/lower/symbols if your passphrase is long and unique.
• Avoid predictable substitutions like 0 for o or 1 for l.
• Symbols are fine, but avoid common patterns and predictable swaps; a random manager-generated password is strongest.
• Passwords aren’t suppose to be easy, they are intended to protect you, so don’t make it easy.
• Check Security.org to see just how strong your passwords are: https://www.security.org/how-secure-is-my-password/
  • Once you play with the Password Strength Meter you’ll get a feel for how important a Better Password Management Stretegy is.

Password Management Dont’s

• Your first name, last name, or login name, in any form
• Consecutive or repetitive numbers or letters
• Adjacent keyboard letters such as qwerty or asdfghjk
• Common and obvious letter-number replacements (e.g. replace the letter O with number 0)
• Easily guessed personal information such as names and dates of yourself, family members, pets and close acquaintances
• Easily obtained information, such as:
  • address
  • license plate numbers
  • telephone numbers
  • credit card or ATM numbers
  • Social Security or Social Insurance numbers
  • email addresses
• Dictionary words, in any language, forward and backward
• Popular book titles, movie titles, or phrases
• Short passwords

Additional Tips

• Never share your password with anyone. Protect all passwords as you would protect your bank PIN.
• Never store passwords unencrypted on your computer. Password management software is great for managing many passwords, and a good manager can screen new passwords against known-breached databases; take great care to protect access to your password database with a strong master passphrase and, where supported, hardware security keys (FIDO2) and device biometrics! (Or better, a combination of these).
• Never type your password when anyone is standing nearby.
• Beware of phishing scams.
• Change passwords if they are reused, weak, suspected to be compromised, or after a breach. Otherwise, use strong, unique passwords and turn on MFA for protection.
• Never use the same password in many places, especially online! Also enable multi-factor authentication (MFA) for all important accounts, and where available, set up passkeys (FIDO2/WebAuthn) for stronger, phishing-resistant sign-in.

Also see: Phishing Scams