Best Practices for Passwords

In our digital age, the number of passwords we have to create and remember is dizzying. We are sure most of you are aware of the tips for creating strong passwords to protect your online financial information. The problem with following these tips is that you end up with dozens of unique, strong passwords which are impossible to remember. It is tempting to simply use the same password for multiple sites, which is not recommended.

Here’s a quick review of some tips for creating strong passwords:

  • Create unique passwords for each website – this reduces the likelihood of multiple accounts being compromised in the event of a security breach
  • Use longer passwords – at least 8 characters
  • Avoid common words and names (especially your own name)
  • Use different types of characters:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Symbols (!, @, #, $, %, &, etc.)
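
As an added illustration (not part of the original article), the checklist above can be run automatically over a list of stored logins to flag reuse, short passwords, common words or names, and missing character types. The `audit_vault` helper, the word list, the owner name, and the sample entries are all constructed for this example.

```python
import re

# Constructed sample data: a tiny common-word list (real lists are far longer).
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "123456"}

# The four character types named in the tips above.
CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "number": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

def audit_vault(vault, owner_names, min_length=8):
    """Return {site: [findings]} for every entry that breaks one of the tips."""
    # Group sites by password so reuse across sites can be reported.
    sites_by_password = {}
    for site, pw in vault.items():
        sites_by_password.setdefault(pw, []).append(site)

    report = {}
    for site, pw in vault.items():
        findings = []
        others = [s for s in sites_by_password[pw] if s != site]
        if others:
            findings.append("reused on " + ", ".join(sorted(others)))
        if len(pw) < min_length:
            findings.append(f"shorter than {min_length} characters")
        lowered = pw.lower()
        for word in sorted(COMMON_WORDS | {n.lower() for n in owner_names}):
            if word in lowered:
                findings.append(f"contains common word or name '{word}'")
        for label, pattern in CLASSES.items():
            if not pattern.search(pw):
                findings.append(f"no {label} character")
        if findings:
            report[site] = findings
    return report

SAMPLE_VAULT = {  # constructed entries, not real credentials
    "bank.example": "Jordan2014",
    "mail.example": "Jordan2014",
    "shop.example": "qwerty",
    "forum.example": "t7#Vq!zR2m@Lw",
}

if __name__ == "__main__":
    for site, findings in audit_vault(SAMPLE_VAULT, ["Jordan"]).items():
        print(site, "->", "; ".join(findings))
```

Only the fourth sample entry passes every check; the first two are flagged for being shared between the bank and email accounts.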

In addition to the above, we recommend changing important passwords (e.g. bank accounts) at least every 3 to 6 months. Keep in mind that the password to your email system is also critical. Since your email is used to reset passwords for other sites, someone can do a lot of damage if they gain access to it.

So, now that you have unique passwords for all of your online accounts (and are changing them regularly), how in the world are you supposed to remember them all?

The worst option is to keep sticky notes around your computer or to keep passwords in an unprotected file on your computer. A much better option is to use a password manager. These tools can securely store your passwords and make it easy to use them across different devices. They can even store useful information for filling out forms and help you generate strong passwords.

Below are some options for password management:

  • 1Password (agilebits.com)
    • Stored locally (not in the cloud) with option to sync with other devices via iCloud, Dropbox or WiFi
  • Dashlane (dashlane.com)
    • Stored locally on single device – free version
    • Option to sync with other devices via their server with paid version
  • LastPass (lastpass.com)
    • Cloud-based
  • RoboForm Everywhere (roboform.com)
    • Stored locally with syncing to all devices over their servers

All of the password managers listed above use a very high level of encryption to keep your passwords secure.  The possible entry point for a hacker is the master password, so it is important to make this password as strong as possible.

Also, we recommend that the most important and trusted person in your life (such as a spouse) be able to access all passwords in the event of incapacity or death.  Make sure you share where everything is stored so this person is able to access the critical information if needed.
