Password And Security Best Practices

Passwords are perhaps the second-weakest link in computer security. (YOU are the first.)

Improper use of passwords is worse than no password at all.

If crackers can get a user’s password, they don’t have to worry about using exploits to get past security.

Worst of all, you can make it easy for them by not following best practices for password selection and security.

There are many ways for crackers to get passwords.

Some are technical hacks that involve sniffing a network or cracking a password file.

Others are as simple as guessing the password or tricking a user into giving it to them.

Good management can thwart many attacks aimed at cracking passwords.


Password best practice

1. Don’t write down your passwords. You would be surprised to find out how many networks have been compromised because of passwords that were written down. If you must write your passwords down, either because they are difficult to remember or change frequently, make sure you keep the list in a very secure place.

2. Don’t use plain words for passwords. If it’s in the dictionary, it’s not a password. Crackers can use software that automatically tries every word in a dictionary file. If you use a plain word, such as horse, they can easily crack it.

3. Don’t use personal information as passwords. Crackers can easily guess the names of friends, kids, pets, and other personal information. That includes birth dates and phone numbers, too.

4. Consider using computer-generated passwords that consist of random strings of letters and numbers. These are harder to remember, but they are more secure. Randomly mix upper- and lowercase letters within your passwords.

5. Don’t reuse a password; select a new one for each account. If you use the same password across several accounts, they could all be compromised.

6. Never tell someone your password over the phone. Companies never contact their customers and ask for passwords over the phone. Crackers pose as tech support personnel from an ISP and obtain passwords from unwitting customers.

7. Change your passwords periodically, every few weeks or so.

8. Make passwords sufficiently long so that they will be difficult to crack. A minimum of six characters, preferably eight, should be a rule of thumb.
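The following Python example is added here and is not from the original article. It generates a random password as tip 4 suggests and checks a candidate against tips 2, 3, 4 and 8; the function names, the small word list and the choice of eight characters as the minimum are assumptions made for the example.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # tip 4: letters and numbers
MIN_LENGTH = 8  # assumption: enforce the preferred eight from tip 8

# Constructed sample data; a real check would load a full dictionary file.
SAMPLE_WORDS = {"horse", "password", "dragon", "monkey"}


def generate_password(length=12):
    """Return a random password containing upper, lower and digit characters."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the list of tips above that the password violates."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short (tip 8)")
    # Strip leading/trailing digits and punctuation so "Horse2024!" still
    # counts as the dictionary word "horse".
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in words or core in words:
        problems.append("dictionary word (tip 2)")
    for item in personal_info:
        # Normalise names, birth dates and phone numbers before matching.
        token = item.lower().replace(" ", "").replace("-", "")
        if len(token) >= 3 and token in lowered.replace("-", ""):
            problems.append("contains personal information (tip 3)")
            break
    if password.islower() or password.isupper():
        problems.append("single letter case (tip 4)")
    return problems
```

Appending digits or punctuation to a dictionary word does not get past the check, which mirrors how cracking software extends a dictionary file with simple variations.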

Can you think of any more password tips?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

