Today is World Password Day, a holiday created by Intel on the first Thursday of May to ensure everyone knows password best practices. “P@ssW0rd” has never been a safe password to use to protect your accounts… ever.

There are best practices to keep in mind when creating passwords. Here are a few of our personal favorites:

  • Keep Your Passwords Private - NEVER share a password with anyone else. Make sure passwords are not written down, especially not on a sticky note on your monitor.
  • Make a Strong, Complex Password - Use passwords of at least eight (8) characters (longer is better). Use a combination of uppercase letters, lowercase letters, numbers, and special characters (for example: !, @, &, %, +) in all passwords. Avoid using people’s or pets’ names, or words found in the dictionary; it’s also best to avoid using key dates (birthdays, anniversaries, etc.).
  • Use a Password Management System - There are free options and more expensive options. You can create truly random, very long, and unique passwords for each site, and because the software will remember them for you, you never have to worry about what your password is. Your password manager will store and encrypt the passwords for you, and log you in automatically.
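The rules in the list above are easy to state and easy to get subtly wrong in code, so here is a small checker that applies them: minimum length, all four character classes, no dictionary word even after the usual “@ for a, 0 for o” substitutions, and no date-like digit run. This is an added example, not code from the original post; the dictionary is a constructed stand-in for a real wordlist or breached-password list.

```python
import re
from datetime import datetime

MIN_LENGTH = 8

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "welcome", "summer", "winter", "spring", "autumn",
                "monkey", "dragon", "letmein", "qwerty"}

# Substitutions users typically apply, so "P@ssW0rd" normalises to "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s",
                      "5": "s", "!": "i", "7": "t"})


def normalise(password):
    """Lowercase and undo common leet substitutions before the dictionary check."""
    return password.lower().translate(LEET)


def looks_like_date(password):
    """Flag a plausible year (1900..today) or a 6/8-digit run that parses as a date."""
    for match in re.finditer(r"\d{4,8}", password):
        digits = match.group()
        if len(digits) == 4 and 1900 <= int(digits) <= datetime.now().year:
            return True
        for fmt in ("%Y%m%d", "%m%d%Y", "%d%m%Y", "%m%d%y", "%d%m%y"):
            try:
                datetime.strptime(digits, fmt)
                return True
            except ValueError:
                pass
    return False


def check_password(password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Anything that is not a letter or digit (including a space) counts as "special".
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    normalised = normalise(password)
    for word in sorted(COMMON_WORDS):  # sorted so the reported word is deterministic
        if word in normalised:
            problems.append(f"contains dictionary word {word!r}")
            break

    if looks_like_date(password):
        problems.append("contains a date-like digit run")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssW0rd", "Summer2020!", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that “P@ssW0rd” satisfies the length and all four character-class rules; only the leet-aware dictionary check catches it, which is why a class-counting complexity rule alone is not enough.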

What are some of your favorite password tips and tricks? Are there any password stories to share? Comment below!

42 Spice ups

LastPass.

7 Spice ups

Obligatory mention of the post by @mb13977, who beat you to it: World Password Day 2020

7 Spice ups

To Celebrate Password Day - Go through your passwords and make them stronger, coming up with nonsense phrases you can remember. Phrases are long, harder to brute-force and easy to remember.

Password managers and multi-factor authentication.

Additionally, here are some useful suggestions for Password Policy Best Practices.

5 Spice ups

That’s the same password I have on my luggage!

10 Spice ups

“P@ssW0rd”, just like the seasons of the year, which we found out users are doing, and they have been told to change it to something stronger. This is definitely a SMH moment!!

1 Spice up

Yeah for GPO to force users to change passwords and make them complex.

1 Spice up

I should have waited 1 more day to post my top 100,000 passwords post.

1 Spice up

Avoid sharing personal information on Social Media that would be used in a password self-reset!

3 Spice ups

A favorite XKCD of mine…

13 Spice ups

Personally, I like to set/reset passwords to variations of whatever music (artist and song) I’m currently listening to and the time stamp of where I’m at in the song at the moment of password configuration.

:shrugs:

I suck at coming up with complex passwords.

This seems to be effective.

1 Spice up

sigh P@ssW0rd2

3 Spice ups

Password: ***************

2 Spice ups

I remember a post from someone about a passwd dump where, among the usual Passw0rd and similar commons, there were several along the lines of “j13qgyaa etc etc”. All exactly the same. When they dug into this it turned out to be “my password” on a Chinese keyboard. Who says users can’t learn?

2 Spice ups

Strong passwords are undoubtedly a good thing. Sadly, it means I am no longer able to remember all of them.

So which is worse: shorter, common, and memorable passwords, or long complex ones I have to write down?

Password managers for those of us who actually do use the best practice of having a unique password for all 100+ accounts that we have to use/manage.

Then it’s a single, complex password. It works great.

1 Spice up

According to Wombat’s 2018 User Risk Report, 66% of respondents who do not use a password manager tool admit to reusing 60% of passwords across online accounts. This is a very risky practice, because once one account is compromised, the attacker gets access to a wider variety of assets. Beyond password reuse, other password-related risks include using obvious passwords (e.g., 123abc, 1111), failing to update passwords regularly, storing passwords within reach of the computer, and sharing passwords with others. All of these poor password practices increase the risk of a breach for a company, because an attacker can more easily steal or crack passwords.

Holding training sessions dedicated solely to passwords practices is definitely worth doing. Also consider using supportive hints that are pushed to user screens when they log in — these tips can repeat key points emphasized in the training (e.g., “Never keep your password in a place that can be accessed or viewed by anyone besides yourself.”).

Another important measure is to use a password manager software application that generates and retrieves complex credentials and stores them in an encrypted database. In addition, consider using a password expiration tool that automatically reminds users to change their passwords before they expire (or use PowerShell to do this), so you can require regular password changes without burying your helpdesk in calls to reset expired passwords.

I can’t stand LastPass or any of those browser password manager add-ons. Also, didn’t they get hacked recently? I will stick with KeePass v2. I even have some of our employees using it now instead of a password-protected Excel file. KeePass is like a work of art. If I have to take an extra 5 seconds to copy and paste from there into a website it is worth it. Much more secure.

2 Spice ups

I love the meme, “I changed all my passwords to incorrect. So whenever I forget, it will tell me “Your password is incorrect.””

2 Spice ups

Password vault (pwsafe) uses a long passphrase that I’ve never said aloud. This passphrase has a backup in a “break glass” device for which two people know the location.

pwsafe is AES-256 encrypted and backed up to two disconnected and airgapped systems weekly.

Password generation in the vault is 32 characters of random characters using all four groups (upper, lower, numbers, symbols).

I don’t know the overwhelming majority of my own passwords across the 136 entries held in the pwsafe.
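The generation scheme described in this post (32 random characters drawn from all four groups) and the memorable-phrase suggestion earlier in the thread, as an added example that is not part of any post here and is not pwsafe’s or KeePass’s code. It uses the OS CSPRNG via Python’s `secrets` module, guarantees every group is represented without biasing the rest of the string, and reports the entropy of each scheme. The wordlist is a constructed 16-word toy; a real passphrase generator draws from a list of thousands of words (the EFF diceware lists, for example), which is what makes a phrase hard to brute-force.

```python
import math
import secrets
import string

# The four character groups pwsafe-style generation draws from.
GROUPS = (string.ascii_uppercase, string.ascii_lowercase,
          string.digits, string.punctuation)
ALPHABET = "".join(GROUPS)          # 26 + 26 + 10 + 32 = 94 characters

# SystemRandom is backed by os.urandom, so its shuffle is safe to use here.
_sysrand = secrets.SystemRandom()

# Constructed toy wordlist (16 words = only 4 bits per word); real lists have ~7,776.
WORDLIST = ["anchor", "basket", "copper", "dragon", "ember", "falcon", "garden",
            "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
            "orchid", "pepper"]


def generate_password(length=32):
    """Random password of `length` chars containing at least one char from every group."""
    if length < len(GROUPS):
        raise ValueError(f"length must be at least {len(GROUPS)} to cover every group")
    # One character from each group guarantees coverage ...
    chars = [secrets.choice(group) for group in GROUPS]
    # ... the rest is drawn uniformly from the full alphabet ...
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(GROUPS))]
    # ... and a CSPRNG shuffle removes the positional pattern the first step created.
    _sysrand.shuffle(chars)
    return "".join(chars)


def generate_passphrase(words=6, sep="-"):
    """Diceware-style passphrase: independent uniform picks from the wordlist."""
    return sep.join(secrets.choice(WORDLIST) for _ in range(words))


def covers_all_groups(password):
    """True if every one of the four groups appears at least once."""
    return all(any(c in group for c in password) for group in GROUPS)


def entropy_bits(symbols, alphabet_size):
    """Entropy of `symbols` independent uniform picks from `alphabet_size` choices."""
    return symbols * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, covers_all_groups(pw), f"{entropy_bits(32, len(ALPHABET)):.1f} bits")
    pp = generate_passphrase()
    print(pp, f"{entropy_bits(6, len(WORDLIST)):.1f} bits with this toy list")
```

A 32-character password over the 94-character alphabet carries about 210 bits of entropy, far beyond any offline cracking budget; the forced-coverage step removes a negligible fraction of that. A six-word phrase only reaches comparable strength with a large wordlist, which is the trade-off between “memorable” and “vault-generated” the thread keeps circling back to.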