Password Tips

Here is a list of things you can do to protect your online assets. While this is not an exhaustive list and some are (hopefully) obvious, these password tips can go a long ways to protect yourself online.

• Our business members can no signup for our Data Breach Monitoring service -- for only $1 per month, per email address.
• Enable MFA / 2FA when it's available.  MFA is short for multi-factor authentication and 2FA for 2-factor authentication.  This is the feature where you need to supply a PIN# from a text message, or a security code from an app -- both of which prove its you logging in and not someone else.
• Always create complex passwords that are a combination of upper and lower case letters, numbers and symbols.
• Never use a password that can be found in a dictionary --- dictionary attacks are common and can break passwords very quickly.
• Never use your username as your password.
• Never use easily guessable passwords such as a family member's name or birthday.
• To help remembering your passwords, try swapping numbers and/or symbols for letters (instead of MyPassword, try M7P@s5w0rd).
• Never use your social security number or other sensitive information as your password --- if your password gets leaked, you wouldn't like having your SS# floating around.
• Avoid keyboard or common sequences like qwerty, 12345, or abcdeg.
• Don't use words, use sentences or phrases.  They can be easy to remember and filled with numbers, letters and symbols.  (e.g. iLoveU2John!!)
• NEVER use the same password on different websites/services.  If one service gets breached, then your password for other sites is exposed.  Is there a good time to reuse a password? NO -- just don't do it!
• Never store your passwords in plain text.  Don't write it on paper/sticky notes, don't save it in file on your computer, don't put it in one of your cloud services (Google Drive, Dropbox).  If you need to write your passwords down on paper, make sure the paper is stored somewhere secure place (e.g. home safe).
• Spring Cleaning --- update your passwords on a routine basis. 
• Be careful to not save your passwords in a web browser's "save password" feature when you are not using your personal computer.  Most modern web browsers storage your passwords, doing so on a public computer is a recipe for disaster.
• Public computers (cont) - get familiar with the web browser's Private or Incognito browsing mode that stores nothing while in use.  This is a good way to prevent the browser from saving your logins, sessions and data while you surf at a public computer.
• Have a lot of passwords?  Use a password manager.  We're fond of LastPass.com.  It helps store all your passwords in a secure / encrypted master file, helps audit your security across your logins and other helpful features.  Obviously make sure your master password is extremely strong and you follow the tips above.