the winxnet blog Blog Header Image

Best Practices for Creating & Managing Passwords

Posted on 8/29/2016 10:34:32 AM by Dr. Eugene Slobodzian
Category: Security & Compliance



Best Practices for Password Management

Proper use of passwords is one of the critical steps to take to avoid becoming a victim of cybercrime. 

There are really three basic rules to follow to protect your date:

  • Use strong passwords that are not related to your life (no names of pets or children for example) and are not based on one dictionary word
  • Use different passwords for any web site that holds your sensitive information
  • Change the passwords periodically

Nowadays a strong password is considered to be 10-16 characters, and contain a combination of numbers, symbols, uppercase and lowercase letters. Take that idea and combine it with the other two requirements, and you have a problem – only Rain Man can memorize that much data.

Luckily, there are tools that can help you manage your passwords and keep your information secure, and they are getting better all the time. Password managers store all of your passwords for you and fill out your log-in forms so you don’t have to memorize all your confusing passwords. There have been plenty of apps that stored the passwords on your device, but the newer cloud-based options and tools offer certain advantages. The most popular seem to be LastPass, Dashlane and 1Password.

These tools allow you to use your devices and browsers to store passwords on the provider’s site. They store them in an encrypted way and only decrypt them whey you enter your ‘master’ password.  Not these credentials can be accessed remotely from any device, as long as you know your master logon. All these tools offer dual factor authentication, an absolute must – otherwise if someone steals your master password, they have access to all your passwords.

I recently converted from using Firefox password storage to LastPass with Duo authentication. The setup was a breeze and, while there are quirks, the tool appears to work well for me.

 Here is a brief description of all of these password management tools:

  1. LastPassLastPass remembers your passwords on your behalf and makes it easy to audit passwords, create stronger passwords in general, and automatically change a password for you if a service has been hacked.
  2. DashlaneDashlane is another password management tool that has a two-factor authentication and the ability to share passwords with emergency contacts in case you can’t access your accounts, and the ability to change multiple passwords on multiple websites with just a few clicks.
  3. 1Password 1Password comes with a strong password generator to help you pick out a good password, allows you to secure notes for other passwords or notes you want to keep private, a digital wallet for bank accounts and a password ‘recipe’ builder that helps you create strong passwords.

These are just a few password management tools that can help you keep track of your passwords and make sure your information stays secure. Please reach out to our security experts if you have additional concerns or questions.