The Top 10 Password Dos and Don’ts

Posted on Jun 23, 2015 in Security

This week is Connect Smart Awareness Week (22-26 June), a campaign to remind New Zealanders to be vigilant about online security and to improve awareness of cyber-attacks. Recent research shows that 60% of all cyber-attacks are aimed at SMEs and that 38% of Kiwis alternate between 2 – 3 passwords for everything, so ask yourself the question: is my business’ data at risk?

We’ve put together this handy list of the top 10 ‘dos’ and ‘don’ts’ for password best practice, which should form part of your business’ online security policy. Do the passwords of your employees tick all the boxes?

DO:

  1. Use a password of at least 16 characters that includes at least one number, one uppercase letter, one lowercase letter and one special symbol.
  2. Change your passwords at least every 10 weeks.
  3. Turn on 2-step authentication whenever possible.
  4. Remember a few master passwords; store your other passwords in a plain text file and encrypt that file with 7-Zip, GPG or disk encryption software, or manage your passwords with a password manager such as LastPass.
  5. Access important websites (e.g. PayPal) directly from bookmarks; otherwise, check the domain name carefully to ensure it’s not a phishing site before entering your password.

DON’T:

  1. Use the same password for multiple important accounts.
  2. Use the names of your family members, friends or pets, or postcodes, house numbers, phone numbers, birthdates, ID card numbers and so on in your passwords.
  3. Use any dictionary word in your passwords.
  4. Use something that can be cloned but that you can’t change, such as your fingerprints, as a password.
  5. Let your web browsers (Firefox, Chrome, Safari, Opera, IE) store your passwords. All passwords saved in web browsers can be revealed easily.
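
The composition rule in DO #1 and the personal-detail and dictionary-word rules in DON’T #2 and #3 are easy to state but only protect you if they are actually enforced. The checker below is an added example (not code from the original post) of how an organisation could apply those three rules to a candidate password. The small word list, the leetspeak map and the sample personal details are constructed for illustration; a real deployment would load a full dictionary and the user’s own details.

```python
import re
import string
from datetime import date
from typing import Dict, List, Optional, Set

# Constructed word list for the example; a real policy would load a full dictionary.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey", "letmein", "football"}

# Common letter-for-symbol substitutions, so that "Dr4g0n" is caught as "dragon".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})


def normalise(pw: str) -> str:
    """Lower-case the password and undo leetspeak substitutions before matching words."""
    return pw.lower().translate(LEET)


def personal_tokens(details: Dict[str, object]) -> Set[str]:
    """Expand personal details (names, postcode, birthdate) into the fragments
    people actually embed in passwords: words of 3+ characters and common date formats."""
    tokens: Set[str] = set()
    for value in details.values():
        if isinstance(value, date):
            for fmt in ("%Y", "%d%m", "%m%d", "%d%m%Y", "%d%m%y", "%Y%m%d"):
                tokens.add(value.strftime(fmt))
        else:
            for part in re.split(r"[\s\-]+", str(value)):
                if len(part) >= 3:
                    tokens.add(part.lower())
    return tokens


def check_password(pw: str, details: Optional[Dict[str, object]] = None,
                   dictionary: Set[str] = DICTIONARY) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems: List[str] = []

    # DO #1: length and character classes.
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special symbol")

    norm = normalise(pw)

    # DON'T #3: no dictionary word, even when disguised with digits or symbols.
    for word in sorted(dictionary):
        if len(word) >= 4 and word in norm:
            problems.append(f"contains dictionary word '{word}'")

    # DON'T #2: no personal detail. Numeric tokens are matched against the raw
    # lower-cased password as well, because leet normalisation rewrites digits.
    for token in sorted(personal_tokens(details or {})):
        if token in norm or token in pw.lower():
            problems.append(f"contains personal detail '{token}'")

    return problems


if __name__ == "__main__":
    # Constructed sample details for a fictional user.
    user = {"pet": "Rex", "postcode": "6011", "birthdate": date(1985, 3, 14)}
    for candidate in ("Summer2015!", "Rex-1985-W3lcome-Home!", "Tq7#vLm2$pR9wXz!Kd"):
        verdict = check_password(candidate, user) or ["OK"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The second sample password is 22 characters long and satisfies every character-class rule, yet it still fails: the pet’s name, the birth year and a leetspeak dictionary word are all found once the password is normalised. That is why a composition rule on its own is not a sufficient password policy.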

Also consider:

  • Protecting your computer with firewall and antivirus software, bought or downloaded only from reputable sources.
  • Being careful with online paste tools and screen capture tools: do not let them upload your passwords to the cloud.
  • Avoiding logging in to important accounts on other people’s computers, or when connected to a public Wi-Fi hotspot or a free VPN.
  • Checking for hardware keyloggers (e.g. a wireless keyboard sniffer), software keyloggers and hidden cameras when you feel it’s necessary, if your computer holds important files and can be accessed by others.