There are best and worst practices for handling your passwords.
Here are a few examples of both:
Do’s:
- always use a quality password manager that can generate new hard-to-crack passwords
- consider who you’re willing to trust with your most-personal data
- audit password strength often
- delete unused or forgotten accounts
- always use longer passwords of at least 12-16 characters, which are much harder to crack
- change passwords for critical sites at least annually
- never use public WiFi networks without a good VPN, which keeps passwords from being intercepted without your knowledge
Don’ts:
- never reuse passwords for multiple accounts
  - reuse gives attackers access to multiple accounts
- never use personal info or social info in passwords
  - examples are child and pet names, street address, birthdays, or phone numbers
  - knowing personal info about you makes guessing passwords easier
- never type passwords on camera or while people are peeking
  - be aware of your surroundings
  - peeking is also known as “shoulder surfing”
- never share passwords
  - share only when there’s a legitimate need to know
  - instead, create limited user accounts when possible
- never forget to revoke credentials of ex-employees or temp developers
  - do this as soon as possible, and never forget
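
As an added example (not part of the original page), the sketch below shows what a local password audit for three of the rules above could look like: minimum length, reuse across accounts, and personal info inside a password. The function name `audit`, the `MIN_LENGTH` constant, and the sample vault and personal terms are all assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 12  # lower bound of the 12-16 character guidance in the list above


def audit(vault, personal_terms):
    """Return {account: [findings]} for a mapping of account -> password."""
    # Group accounts by password so reuse shows up as a group larger than one.
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)

    # Ignore very short terms; they match too many unrelated passwords.
    terms = [t.lower() for t in personal_terms if len(t) >= 3]

    report = {}
    for account, password in vault.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"too short ({len(password)} < {MIN_LENGTH})")
        others = [a for a in by_password[password] if a != account]
        if others:
            findings.append("reused on: " + ", ".join(sorted(others)))
        lowered = password.lower()
        hits = sorted(t for t in terms if t in lowered)
        if hits:
            findings.append("contains personal info: " + ", ".join(hits))
        if findings:
            report[account] = findings
    return report


# Constructed sample data: not real credentials.
SAMPLE_VAULT = {
    "bank": "Rex2014!",
    "email": "correct-horse-battery-staple",
    "forum": "correct-horse-battery-staple",
    "shop": "v9#Lq2!xT7pw@Zr4",
}
# Constructed personal terms: a pet name, a birth year, a street name.
SAMPLE_PERSONAL = ["Rex", "2014", "Elm Street"]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "->", "; ".join(findings))
```

Accounts with no findings are left out of the report, so an empty result means every password passed all three checks.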