DATE COMPILED: 21/01/2017


- Don’t use dictionary words or names in any form in passwords

- Don't use common misspellings of dictionary words either

- Do not use your network username as your password.

- Don’t use easily guessed passwords, such as “password” or “user.”

- Do not choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, your Social Security or phone number, or names of family members. Never use information in a password or passphrase which can be found online.

- Don't use the name of the computer or your account

- Don’t store your password or passphrase within web applications

- Don't use sample passwords

- Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.

- Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.

- Do not reuse a word or phrase if your account or passphrase has been compromised

- Whatever you do, don’t store your list of passwords on your computer in plain text. Store written copies of your passwords or passphrase safely. I tend to agree with noted security expert Bruce Schneier, when he advises users not to worry about writing down passwords. Just make sure you don’t store the information in plain sight. The most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).

- Never share your password or passphrase

- Do not respond to online requests for Personally Identifiable Information (PII); most organizations – banks, universities, companies, etc. – do not ask for your personal information over the Internet. PII includes but is not limited to:

    - Full Name
    - Social security number
    - Date of birth
    - Place of birth
    - Driver’s License Number
    - Vehicle registration plate number
    - Credit card numbers
    - Physical appearance
    - Gender or race

- Password protect all devices that connect to the Internet and user accounts.


- A password must be at least 12 characters. The longer, the better.

- Select something memorable, unique, or specific only to you.

- Use multiple character sets. Create unique passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters.

- Avoid using simple adjacent keyboard combinations: For example, “qwerty” and “asdzxc” and “123456” are horrible passwords that are trivial to crack.

- Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke. Do not choose famous or well-known lyrics/lines/etc.

- Use letters chosen from words in a phrase or song lyric

- Combine a few pronounceable "nonsense" words with punctuation

- Add unexpected characters and remove some letters

- Change your password or passphrase regularly

- Use non-secure networks with care. Only connect to the Internet over secure, password-protected networks.

- Always enter a URL by hand instead of following links if you are unsure of the sender.
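
Several of the rules above (12-character minimum, multiple character sets, no common passwords, no adjacent-key runs, no username or personal details) can be checked automatically when a password is set. The following is an added example, not part of the original list; the function names, the deny-list and the US QWERTY layout are assumptions, and dictionary-word checking is left out because it needs a word list.

```python
import string

MIN_LENGTH = 12  # minimum length given in the list above
# Constructed deny-list; every entry is an example named in the list above.
COMMON_PASSWORDS = {"password", "user", "qwerty", "asdzxc", "123456"}
# US QWERTY rows (assumed layout) for spotting adjacent-key runs.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CHARACTER_SETS = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def has_keyboard_run(password, run_length=4):
    """True if password has run_length neighbouring keys of one row, in either direction.

    A run of 4 avoids flagging ordinary words such as "power" ("wer").
    """
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            for start in range(len(keys) - run_length + 1):
                if keys[start:start + run_length] in lowered:
                    return True
    return False


def check_password(password, personal_terms=()):
    """Return a list of rule violations; an empty list means every check passed.

    personal_terms: username, computer name, birth date, family names, etc.
    """
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for name, chars in CHARACTER_SETS.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    if has_keyboard_run(password):
        problems.append("adjacent keyboard keys")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    return problems
```
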
