Top Things to Consider When Managing Password Security

By Brian Jefferson

Our passwords are our first (and sometimes only) line of defense against data theft. But we often make the simplest mistakes when creating them: reusing them across multiple sites, using predictable phrases, or using common words that don’t actually protect anything. Fortunately, there are quite a few mechanisms and practices we can use to keep ourselves protected. Using long, diverse passwords that don’t match common terms or words in the dictionary can help make them hard to crack, and maintaining distinct passwords for each of your accounts makes it harder for hackers to gain access to your information. Password managers and two-step authentication add protection on top of already-strong passwords: two-step authentication links account access to your phone number or email, while a password manager makes it easier to maintain unique and complex passwords across multiple sites.

This infographic lays out some of the key areas where we can develop the best practices for password creation and maintenance. Instead of taking passwords for granted, consider the steps you can take to protect private accounts and sensitive data across multiple sites.


Use Password Managers

Password managers allow you to store multiple passwords under a single account. What’s more, you can protect all your passwords with a single master password and keep your records encrypted for additional protection. Password managers give you the ability to have multiple, complicated passwords that make breaking into any single account more difficult.

Don’t Use Your Browser to Save Passwords

A browser is not a password manager. A real password manager includes security and protections to help keep your information safe, while a browser doesn’t typically have any of these. And, to be honest, why would you store your passwords in the same place you access the internet from? Get a manager, and enter your passwords when possible.

Include a Wide Variety of Normal and Special Characters

Avoid using common words that can be found in a dictionary. This means that a password should include letters (both lowercase and uppercase, which computers treat as different characters), numbers, punctuation, and symbols distributed throughout. This might be hard to remember, but easy-to-remember passwords are easier to crack. If you don’t want to memorize passwords, then get a password manager and keep them long and complex.

Use Long Passwords with 12+ Characters

Longer passwords are harder to crack because every additional character increases the number of combinations an attacker has to try. A minimum of 12-15 characters provides a good start on password security. You still need to avoid using common phrases and words, however.

Utilize Unique Passwords for All Accounts

Don’t reuse passwords. Ever. Once a hacker finds out a password for one account, they might try it on any available website you are registered with. At that point, all bets are off. Once they are inside, they can lock you out and grab your information at their leisure. The only advice at that point: change your password.
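
The rules from the last three sections (character variety, 12+ characters, no dictionary words, no reuse), as an added example that is not part of the original article: a small Python audit over a constructed set of account passwords. The wordlist, substitution table and sample entries are assumptions made for illustration, and the character check tests only that each class is present, not how it is distributed.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12  # the article's "12+ characters" minimum
# Constructed sample wordlist; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
LEET = str.maketrans("@430157$!", "aaeoistsi")  # "P@ssw0rd" -> "password"
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def check_password(password):
    """Return the rule violations for one password (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Undo common character substitutions before the dictionary check.
    normalized = password.lower().translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            problems.append(f"contains dictionary word '{word}'")
    return problems


def audit(vault):
    """vault maps account -> password; returns {account: [problems]} for failures."""
    report = {account: check_password(pw) for account, pw in vault.items()}
    accounts_by_password = defaultdict(list)
    for account, pw in vault.items():
        accounts_by_password[pw].append(account)
    for accounts in accounts_by_password.values():
        for account in (accounts if len(accounts) > 1 else []):
            others = ", ".join(a for a in accounts if a != account)
            report[account].append(f"reused on {others}")
    return {account: p for account, p in report.items() if p}


# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {
    "mail": "P@ssw0rd2024!", "bank": "P@ssw0rd2024!",
    "forum": "summer", "shop": "v7#Kq!zR2m&Xw9Lp",
}
if __name__ == "__main__": print(audit(SAMPLE_VAULT))
```

The `mail` entry meets the length and character rules and is still flagged, because the substitutions reduce to a dictionary word and the same password is used for `bank`.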

Avoid Repeated Password Changes

Contrary to popular opinion, changing your password doesn’t inherently make it any harder to crack. A password lives and dies on its length, complexity, and privacy. If you make your password hard (or nearly impossible) to guess—especially if you include features like two-factor authentication—then why change it?

Include Two-Factor Authentication (Where Available)

Two-factor authentication provides an extra layer of security so providers can determine if you are really you. With two-factor authentication, you can pair your password with phone, text, or even biometric measures that confirm it is you accessing the account. If your account requires a password along with a text confirmation from your phone, then it doesn’t matter if the hacker has the password, as long as they don’t have your phone. This also means that if someone else tries to access your account, you will be notified immediately.