
Password Do’s and Don’ts

There are best and worst practices for handling your passwords.
Here are a few examples of both:


  • always use a quality password manager that can generate new hard-to-crack passwords
  • consider who you’re willing to trust with your most-personal data
  • audit password strength often
  • delete unused or forgotten accounts
  • always use longer passwords of at least 12-16 characters, which are much harder to crack
  • change passwords for critical sites at least annually
  • never use public WiFi networks without a good VPN, to prevent unnoticed interception of passwords


  • never reuse passwords for multiple accounts
    • > gives attackers access to multiple accounts
  • never use personal info or social info in passwords
    • > examples are child and pet names, street address, birthdays, or phone numbers
    • > knowing personal info about you makes guessing passwords easier
  • never type passwords on camera or while people are peeking
    • > be aware of your surroundings
    • > aka “shoulder surfing”
  • never share passwords
    • > do so only when there’s a legitimate need to know
    • > instead create limited user accounts when possible
  • never forget to revoke credentials of ex-employees or temp developers
    • > do this as soon as possible and never forget
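
One way to run the "audit password strength often" item against the rules above (reuse, length, personal info), as an added example that is not part of the original post. The function name `audit_vault`, the entry format, and the sample data are assumptions made for illustration; the 12-character floor is the lower bound of the 12-16 guidance.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # lower bound of the 12-16 character guidance above


def audit_vault(entries, personal_terms):
    """Return {account: [findings]} for short, personal-info and reused passwords.

    entries: (account, password) pairs, e.g. read from a password manager export.
    personal_terms: names, dates, street or phone fragments supplied by the owner.
    """
    findings = defaultdict(list)
    by_digest = defaultdict(list)
    # Ignore very short terms; they would match almost any password.
    terms = [t.lower() for t in personal_terms if len(t) >= 3]

    for account, password in entries:
        # Group by digest so grouping keys and the report contain no plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(account)

        if len(password) < MIN_LENGTH:
            findings[account].append(f"short: {len(password)} < {MIN_LENGTH} characters")

        lowered = password.lower()
        hits = sorted(t for t in terms if t in lowered)
        if hits:
            findings[account].append("personal info: " + ", ".join(hits))

    # Any digest shared by two or more accounts is a reused password.
    for accounts in by_digest.values():
        if len(accounts) > 1:
            for account in accounts:
                others = sorted(a for a in accounts if a != account)
                findings[account].append("reused on: " + ", ".join(others))
    return dict(findings)


# Constructed sample data, not real credentials.
SAMPLE_VAULT = [
    ("bank", "Rex2014!"),
    ("forum", "Rex2014!"),
    ("email", "copper-lantern-quiet-harbor-92"),
    ("shop", "maplestreet1987xyz"),
]
SAMPLE_PERSONAL = ["Rex", "Maple", "1987"]

if __name__ == "__main__":
    for account, issues in sorted(audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items()):
        print(account, "->", "; ".join(issues))
```

Run it locally against an export you delete afterwards; the export file itself holds plaintext passwords.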