Password Do’s and Don’ts

4 min read

Passwords have become a very important part of our digital lives. Yet it is common knowledge that we don’t always value them as much as we should. We tell ourselves, ‘What could I possibly have that a hacker would want?’ and end up creating weak passwords in the process. Often, we also have the same password for all of our accounts, simply because it is relatively easier to memorise one password than many different ones. 

One should remember that a hacker can gain access to an individual’s entire digital existence if he manages to get his hands on just one password. This is why password security is so important to protect one’s data in the digital world. If you want to prevent being a victim of cybercrime or malware, you should choose your password very carefully. However, while organizational internet security can be significantly improved by implementing a few basic concepts right away, when it comes to passwords, there is a wide range of personal habits and business standards that exist. According to the most recent NIST recommendations, several practices that were once considered basic are now considered obsolete. Below, thus, are the new “Do’s and Don’ts” for password rules.

Don't set an easy-to-guess password

Don’t set an easy-to-guess password

Some passwords are extremely easy-to-guess. These include:

  • Passwords which used regularly (example: password, 123456, xyz123)
  • Those that are simple to figure out because the characters are related to one another, follow patterns, or are single words from a dictionary (example: asdfgh, xoxoxoxo)
  • Passwords that contain personal information (example: daughter’s name, father’s birthday, user’s phone number, etc.) – this information is readily available and so is easy to guess
  • Those which are simply variants of the same password across numerous sites (example: Xgoogle1!, Xfacebook1!, password01, password02, and so on) – these can be easy to guess, especially if the person attempting to figure it out has seen any of the previous passwords

If your password is simple to guess, your information can likely be hacked into without much difficulty. Hence, while choosing a password one needs to be vigilant and not make it an easy-to-guess one.

Do make passwords easy to remember (for you)

While remembering password do’s and don’ts, you must keep in mind that making a password by using the first letter of each word in a phrase or sentence will make it harder for a cybercriminal to figure out what you are trying to say. When it comes to science, for example, you might remember the classic mnemonic ‘My Very Eager Mother Just Served Us Nine Pizzas’, which many children use to memorise the order of planets (MVEMJSUNP). Similarly, using an acronym to create a safe password that is easy to remember can be a very effective strategy.

Don’t keep your password in a place where it’s easily accessible

If you leave your written-down passwords in a location that can be readily accessed, others can then access them as well. For example, it’s easy to find things like the sticky note under a mousepad or keyboard, the file labelled ‘Password’, and the list in your desk drawer. If your passwords are easily discovered, it is likely that whatever they are protecting is also easily compromised. 

Do try to use a good password manager

Do try to use a good password manager

By using a password manager, you can keep track of all of your login information for various websites in one place. This eliminates the need for you to keep track of every password you use. However, make sure the password you use for the password manager is secure and easy to remember. There are multiple options available on the internet that can be of help to you. 

Don’t use short passwords

It’s common for people to believe that passwords should look like k5wT!1*a for it to be safe. Hence, often, we keep them as brief as possible, hoping that we will be able to recall the six or eight characters. This has two major flaws. 

  • A password made up of a mess of random characters isn’t going to be easy to remember
  • There aren’t enough characters in a short password for a password cracking tool to have any trouble figuring out 

Thus, one important feature of password do’s and don’ts is to, ideally, use a 14-character minimum password.

Do tweak your security questions to stay more secure

Phishing attacks can become rather sophisticated in their execution. Online quizzes, sometimes, are able to get information that security questions frequently ask. For example, ‘Enter your pet’s name’, ‘Enter the name of the street you grew up on’ to ‘Learn the name of your fantasy novel character’.  So, if you make your security questions a little different, hackers won’t get access to your personal information easily.

And, because you don’t have to remember them, you don’t have to worry about making them easy to remember either. 

Do use names of random things

Do use names of random things

In this case, you employ a predefined pattern to generate a password that appears to be random. For example, you can utilise the first letter of each line written on page 42 of whatever book is closest to you to construct a password. You can use spaces for the number of paragraphs on the page. You can substitute the first letter of the paragraph, or the leading punctuation, for spaces. Since page 42 is always the same, the only thing you need as a password hint is the title of the book.

Don’t use the same password for more than a few months

With respect to password do’s and don’ts, there is debate over how long one can keep a password unchanged. For instance, according to system administrators of organisations, the more frequently (every three months, for example) a company’s users change their passwords, the more secure the company is. 

Yes, if a breach occurs on the first day of three months, the system’s periodic password change is worthless since the passwords (especially if just altered by a single character!) do not age well. Nonetheless, it’s a good practice to change your password every three to six months for better security.

A user can prove that he is authorised to use the computer through user authentication. It is possible to share a single device with multiple users, each of whom has its unique password. Lock and key systems are analogous to passwords. Only the keyholder can access the facility.

Hackers use password guessing as a common method to break into computers. Simple and widely used passwords allow intruders to swiftly gain control of a digital device. However, if you think of a tough password, you will not become a victim of this intrusion. So, get your thinking caps on and follow these dos and don’ts to think of a password that none can hack into. 

Leave a Reply

Your email address will not be published. Required fields are marked *