13 critical tips for password security | Heart Internet Blog – Focusing on all aspects of the web

As a web host, security is something we prioritise. In no particular order, here are our top tips for choosing and using passwords:

1. Avoid the obvious

Don’t use your name, the word ‘password’, your username, your date of birth, your website name or similar. You may be rolling your eyes at this advice because it’s the most obvious in the world, but there are a surprising number of people still doing this.

This is particularly important if you’re setting up an account for someone else as they may not remember to change the initial password you’ve given them.

2. Change assigned passwords

If you’re assigned a password rather than choosing your own, change it at the first possible opportunity. Not only will it make it easier to remember, but it will save you hanging on to old emails.

3. Don’t write your passwords down

This includes storing them in emails, having them in documents on your computer or writing them on paper. You’ll be able to reset your password if you forget it.

4. Think carefully about your answers to secret questions

Secret questions were designed to make it easy for you to reset your password or access your account if you forget your original password, by asking you for your first school or other personal information. However, people you know offline will probably be able to answer the question(s) easily enough, and sometimes this can be an issue (for example if you’re resetting a password for something like a Hotmail account where answering the questions correctly will allow you access to emails). If you have the option to create your own secret question, then take it and choose something very obscure. If you don’t have that option, then deliberately choose a wrong, but memorable answer to your question, e.g. using your grandmother’s maiden name instead of your mother’s, or the name of your first child rather than your first pet.

5. Have different passwords for different accounts

This makes things more complicated alongside #3, because remembering your passwords can get quite tricky. However, third-party websites can suffer from hacking, and security flaws in social networking sites aren’t uncommon. Many people make the mistake of using the same password for all their accounts, which can cause a lot of problems – particularly if websites send you unencrypted password reminders.

6. Be aware, but don’t panic

When popular sites suffer from security breaches, it’s often news sites and social networking sites that will draw your attention to the problem first. Avoid scaremongering comments and always search for the problem to see if it actually exists (to make sure it isn’t media spin or a scam). You can then take the steps to change your password, freeze or close your account etc. accordingly, depending on the scale of the problem and what’s affected.

7. Change passwords on a regular basis

Again, if you have a lot of different passwords then this can be a pain, but it’s an effective security measure and worth taking the time to do.

8. Choose strong passwords

Dictionary words are easier to crack, so avoid these and use a combination of letters, numbers and special characters where possible. Most sites require you to have a password of at least 6 characters, and longer is often better. Many websites analyse your password when creating or changing it to give you an estimate of how strong it is.

Use a combination of letters, numbers and special characters where possible, and try to use at least 8 characters. Always mix uppercase and lowercase letters, don’t use keyboard patterns (e.g. ‘qwerty’) or sequential numbers (e.g. ‘123456’). Avoid repeating characters (e.g. ‘999zzz’), and passwords listed as examples of how to choose a good password.
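The kind of check a website can run when you create or change a password, applied to the rules in tips 1 and 8. This is an added example, not code from the original post: the function names, messages, the run length of four for patterns and the threshold of three repeated characters are assumptions, and a dictionary-word check is left out because it needs a word list.

```javascript
// Added example: not from the original post. Names and thresholds are illustrative.
const KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"];
const DIGIT_SEQUENCE = "01234567890";

// True if `s` contains any `len`-character slice of `row`, forwards or backwards.
function hasRun(s, row, len = 4) {
  const reversed = [...row].reverse().join("");
  for (const r of [row, reversed]) {
    for (let i = 0; i + len <= r.length; i++) {
      if (s.includes(r.slice(i, i + len))) return true;
    }
  }
  return false;
}

// `personal` holds the "obvious" values from tip 1 (username, name, website
// name, date of birth) as strings; the caller supplies them.
function checkPassword(password, personal = []) {
  const issues = [];
  const lower = password.toLowerCase();

  // Tip 1: the word 'password' and values tied to the account owner.
  const obvious = ["password", ...personal]
    .map((v) => String(v).toLowerCase())
    .filter((v) => v.length >= 3);
  if (obvious.some((v) => lower.includes(v))) issues.push("contains an obvious value");

  // Tip 8: length and character mix.
  if (password.length < 8) issues.push("shorter than 8 characters");
  if (!/[a-z]/.test(password) || !/[A-Z]/.test(password)) {
    issues.push("does not mix uppercase and lowercase");
  }
  if (!/[0-9]/.test(password)) issues.push("no numbers");
  if (!/[^A-Za-z0-9]/.test(password)) issues.push("no special characters");

  // Tip 8: keyboard patterns, sequential numbers, repeated characters.
  if (KEYBOARD_ROWS.some((row) => hasRun(lower, row))) issues.push("keyboard pattern");
  if (hasRun(lower, DIGIT_SEQUENCE)) issues.push("sequential numbers");
  if (/(.)\1\1/.test(password)) issues.push("repeated characters");

  return { ok: issues.length === 0, issues };
}

// Constructed sample input: a keyboard-pattern password for a user called "alice".
console.log(checkPassword("qwerty123", ["alice"]).issues);
```

A password that passes every rule here can still be weak if it has been reused on another site (tip 5), so this check complements the other tips rather than replacing them.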

9. Never disclose your password for anything to anyone

No one should ever contact you to ask you for any password via email or another form of web communication – so don’t reveal it, even if it seems like a request from a source of authority.

10. Keep your security up to date

Regularly check your computer for spyware, malware, viruses and so on, and always keep your anti-virus software up to date. Use the Internet sensibly: don’t click anything that looks suspicious, make sure all your website’s scripts are up to date, and only use third-party add-ons from trusted sources.

11. Keep organised

Be aware of where your details are stored (particularly for email accounts and websites which have your billing information). Close any unused accounts you have and make sure you stay up to date. Don’t have multiple accounts for the same website if you can avoid it – this will also help save you time in searching through emails and so on.

12. Log out

Always log out of sensitive accounts after you’ve finished using them, and try to avoid using critical accounts on public computers where possible.

13. Don’t let your guard down in public

If you use your computer or a smartphone in a public place, be aware of your surroundings and who’s looking at your screen or watching you type in your passwords. Try to avoid saving passwords on your phone or tablet computer as these are much easier to lose or steal on the go.

 
