Setting a Strong Password
Setting and Securing a Strong Password
In today’s computing environment, setting a strong password is critical to adequately protect your important data and personal information. A strong password is a must in order to stop savvy hackers, robots, and automated tools from guessing your password. Passwords like “qwerty123”, “iloveyou”, etc. are weak and guessable.
Additionally, there is always the challenge of setting passwords that can be remembered, that comply with the corporate password strength policy, and that the security industry considers strong. Along with the strength of a password, it is recommended that the same password not be used for multiple sites. There are ways to set passwords that are effective, memorable, and unique to each site. Here are a few tips for setting a strong, memorable password and keeping it secure:
- Make your password as long as possible. Minimum requirements are always changing due to advances in computing power, so setting a long password is essential. Here are MCPHS University Active Directory password requirements.
- Construct a password using a sentence or the lyrics of a song that are easy for you to remember, incorporating corporate strength requirements. For example, for “If at first you don’t succeed” you can use “1f@1stUDnt”.
- Use different passwords for the different sites you go to unless the site(s) are tied into your corporate Active Directory services.
- Avoid using portions of birth dates, addresses, and any other individual attribute that can be blatantly tied to you. For example, your child’s birth date would be easily guessable. For a number, you can use something like the mileage between your home and work.
- Use a nonsensical phrase or sentence as a password. For example, the sentence “The dog barks hurt my feet” could be “Th3D0gzB@rkHrtMiF33t”, where you use a capital letter only for the first letter of a word.
- Don't let your browser remember the password for you. If your PC is stolen that could lead to a password compromise. Consider using a secure password manager. Some popular options include 1Password, LastPass, KeePass and PassKey.
- Always use Multi-Factor Authentication (MFA) where available.
- Provide obscure answers to security questions or use non-obvious questions. Many times, security questions have answers that are easily obtained by hackers. For example: Your first pet’s name? Your kindergarten teacher’s name? Your mother’s/father’s middle name? An obscure answer for the question “What city were you born in?” would be, for example, “BostonRedSox” instead of “Boston”.
- Avoid falling for phishing attempts where you are asked to input your username and password. Even the strongest password would not survive you giving it away.
- Don’t share your password with anyone.