National Network to End Domestic Violence, Safety Net Project’s Password Safety Outline
While most everyone has at some point heard the basics of password security (use a strong password, don’t use the same password on different sites, etc.), many of us still brush off that advice because it seems too complicated, or it feels like we just don’t have the time. We use the same password across different sites; we use passwords that are easy for others to figure out – and just hope for the best. But passwords are just as important as other tools we use to verify our identity – like driver’s licenses, social security cards, and passports – and they are just as important to keep secure. Below we’ve listed some key tips to simplifying your password security – and to understanding why it’s so important.
Focus on length. The best passwords are at least 12 – 15 characters long, and can contain letters, numbers and symbols – which sounds like a lot.
Use different passwords for accounts that contain sensitive or personally identifying information. The importance this tip can’t be emphasized enough. If you use the same password across these accounts, once it’s been cracked, ALL of your accounts become vulnerable. Just as you use different keys to protect different places, use different passwords to protect important accounts.
Password managers securely remember your passwords so you don’t have to! Most of us avoid using different passwords for different accounts because it’s just too hard to remember them all, and we know writing them down isn’t safe. Luckily, password managers – tools that store and protect passwords like banks store and protect money – can help! These tools can also create passwords that are incredibly hard to crack.
Use two-factor or multi-factor authentication. Instead of just entering a password to log in to your account, you will also need to enter a second piece of information.
Share your password with…. no one! It’s important to keep your passwords private.
Don’t let browsers remember your passwords. While this feature in many browsers may make it super easy to get in to your accounts, it also makes it easy for someone who’s using the same computer or device to access those accounts (and all of your personal information) without needing to know your password. If you need help remembering your passwords (and who doesn’t these days?) consider using a password manager.
Be strategic with your secret questions and answers. Those secret questions aren’t really secret. Someone who knows you (or someone who can Google) will be able to guess where you went to high school or your favorite color. There’s no rule that you have to be honest when answering those secret questions, so make things up that you‘ll remember but someone else can’t guess.
Change your password (only when you need to). If you think someone knows your password, changing it from a device that isn’t being monitored can keep them from gaining further access to your account. But if your account hasn’t been compromised and you have created a strong password using the guidelines above, it’s not necessary to change your password often.
Remember to log off. Computers and devices are smart – sometimes too smart – and unless you actively log out, your account may remain open indefinitely, allowing others easy access.
