A Quick Guide to Password Security, Practice Safe Passwords: A Quick Guide to Password Security
Your server is only as secure as your weakest password. As a rule of thumb, the more lengthy and complex a password, the stronger it is. Follow the best practices below for generating difficult to crack passwords.
- DO Use Passwords of At Least Ten Characters: The more characters, the more difficult a password is to crack. Length is key. Create lengthy passwords of at least 10 characters!
- DO Create Unique Passwords: Each password you use should be for a unique service (ex. cPanel, MySQL, and your bank account should all have different passwords).
- DO Use a Combination of Character Types: Use numbers, lowercase letters, uppercase letters and symbols in your password. (ex. XkeDZaJ6QG3E8!jKq3%yIOd3)
- Change your passwords at least every six months
- DO Randomly Generate the Password: Use one of the following sites to generate a secure password: Norton by Symantec, Random.org, or Random Password Generator
- etc.: We’re absolutely sure your dog is adorable. But, her name probably isn’t a good password. Unless her name is Tmb1W>r~ii, then that’s cool.
- DO NOT Reuse Passwords: Let’s say your first password for an account was gCB7%TT^Vm but you were forced to change your password, so you changed it to [email protected]#TsVaiQ. If you have to change the password for that account again, do NOT go back to gCB7%TT^Vm. Create a new, unique password instead!
- DO NOT Use Adjacent Keyboard Strings: qwerty1234 is not a good password.
GOOD Passwords (but don’t use these)
A password like *@7X#JjI6j4e#cC2axjFz%[email protected] is likely going to be difficult for most people to remember. But, a long password is difficult to crack, and can be crafted from some common piece of information. A joke, a hobby, a book/movie quote, or an interest of some sort can be used as the basis for a secure password. Take the quote, “Life — uh — finds a way,” from Jurassic Park. We can build this into a secure password by changing out some characters and adding a few numbers: L1f3-;uH;-F1nd54wAy! That’s a secure password that would be much easier to remember.
Password Managers can remember passwords for users. Keep in mind, however, that a Password Manager is a gateway to ALL of your passwords. Having one password that can access all the rest of your passwords and sites is certainly very risky, and against best practices.