2021 Password Best Practices

Passwords – Is mine strong enough?  How do I know?  

Every time I write a password article I feel as if this subject has already been done to death by me and others.  But I always get more positive feedback on this subject than others I consider more interesting, so we offer the following suggestions:

• Use different passwords for personal and work systems.  That way if you are cracked one place, the other is still secure.
• If you write down and save your passwords, you are better off using paper or a notebook than recording them in an Excel spreadsheet.  If your computer is hacked, that spreadsheet is toast. Store your notebook were it is not easily accessed by someone else.
• Change your passwords periodically.  That way if yours are stolen off a web server and sold on a list somewhere, they won’t be useful to the bad guys for very long.
• Longer passwords are better because most passwords are solved using computers and software that makes millions of guesses per second.  At ten or more characters, it would take a machine over a hundred years to solve using current techniques.
• Use a different password for every device or website
• Use multi-factor authentication (MFA) whenever it is available.
• Avoid creating or using shared accounts.  If you don’t share your toothbrush with this person, why would you share your login credentials?
• Always change the default password when setting up new devices.  Default user names and passwords are easily found online, on the manufacturer’s support site as well as websites that aggregate this information in a single list.  (Check out www.defaultpassword.com)

While that may not be all of the best ideas, it is certainly enough of them.  If you were only going to pick one of them, choose the last one.