Best Practices For Your Passwords
Passwords used to be a secure mechanism because users would have to follow a number of rules. These included changing a password every 90 days and meeting complexity requirements such as password length, a mix of characters and no recent password reuse. However, as technology changes, so do best practices for keeping a password secure. The National Institute of Standards and Technology (NIST) has created a new set of guidelines that in some ways contradicts the traditional rules of password safety.
Here are some of NIST’s controversial highlights:
- Users should employ multi-factor authentication (MFA)
- Passwords should never expire
- There should be no required character complexity rules
To meet these guidelines, LI Tech’s advice for password optimization includes the following:
Use a long phrase that is easily remembered.
The best way to ensure you’ll remember a password is to include Thing&Thing2 syntax (Take, for example, ButterToast). Use that “easily remembered thing combination” and adjust it in the middle to correspond to a website or company you’re using it for: ButterAToast for shopping at Amazon (“A” for Amazon).
This way, when a website eventually DOES get hacked and your password is compromised, cyber criminals would only be able to cross-reference the password on other “A” websites like Apple.com.
You can also add a “special character” and number that remain the same. If a website requires a “special character” or “number”, you’re already fulfilling that requirement: ButterT87*Toast for shopping at Target + birthyear + constant special character
Enable Multi-Factor Authentication whenever possible.
This should be used on any “primary email” accounts along with other websites that can potentially harm you. (Amazon should have MFA because an attacker could purchase a lot of items whereas compromising a cooking recipes account won’t harm you as much and shouldn’t need MFA).
Write your passwords down! (Yes, really)
Having a sensitive notebook or secure place to keep track of your passwords make it VERY easy to maintain and manage. This is also very helpful for loved ones if anything ever happens to you.
Anthony has been in the MSP business since before the acronym existed. Managed IT once started as break-fix solutions and some light phone support.
Since then, he has seen the industry flourish into a landscape of platforms, cloud servers, software tools and AI . Tailoring network configurations and software stacks to the specific needs of each business.
In his current role, he focuses on proactive planning, ensuring clients can avoid potential issues altogether. This involves meticulous planning for enhanced business continuity, allowing swift resolution of any unforeseen challenges. What initially began as addressing "fires" through break-fix solutions has evolved into a proactive approach, ensuring that such issues are prevented from arising in the first place.
