There are 7 critical password rules to practice. in your daily lives. For an in-depth understanding of digital security, consider reading the four-volume Digital Identity Guidelines by the National Institute of Standards and Technology (NIST). Although it’s a comprehensive document primarily tailored for Federal agencies requiring highly robust security measures, it also includes a wealth of practical, accessible information. For example, the short appendix titled “Strength of Memorized Secrets” provides valuable insights into the necessary length and complexity of passwords.
Summary of the 7 critical password rules
- Ensure all your passwords are strong
- Use a password manager
- Never reuse passwords
- Avoid password hints
- Change default passwords
- Utilize multi-factor authentication whenever possible
- Only change passwords when necessary
Looking for advice on protecting your home and office from cyberattacks? Start by consulting experts who handle cybersecurity daily for the United States government.
To delve deep into digital security, read the four-volume Digital Identity Guidelines from the National Institute of Standards and Technology (NIST). This extensive document is primarily aimed at Federal agencies needing robust security, but it also contains practical, easy-to-read information. For example, the appendix titled “Strength of Memorized Secrets” discusses how long and complex passwords should be.
NIST also offers a straightforward Cybersecurity Basics page that distills technical information into clear guidelines for small business owners and managers.
For simpler and more practical advice, visit the Secure Our World website, run by the Cybersecurity & Infrastructure Security Agency (CISA). It’s designed for consumers without a technical background and is an excellent resource to share with friends and family to help them handle common threats.
Here are seven essential rules for managing your passwords:
- Ensure all your passwords are strong
- Length: At least 12 characters, ideally more.
- Complexity: A mix of upper- and lower-case letters, numbers, and symbols. Avoid dictionary words, your name, or the service name.
- Guessability: Make sure it’s not easy to guess.
- Use a password manager Most people have dozens, if not hundreds, of credentials. A password manager creates and stores unique, secure passwords in an encrypted database, syncing across devices. It also protects against phishing by recognizing authorized domains and refusing to enter credentials on fake ones.
- Never reuse passwords Reusing passwords across multiple sites makes it easy for attackers to gain access through a breach on one site. A good password manager will flag reused passwords and generate strong, unique replacements.
- Avoid password hints Password hints make it easier for someone to guess your password. Instead, use a password manager.
- Change default passwords Default passwords on devices like Wi-Fi routers and IP cameras are common entry points for attackers. Replace them with robust credentials.
- Utilize multi-factor authentication whenever possible Even strong passwords can be compromised. Multi-factor authentication (MFA), ideally using an authenticator app, adds an extra layer of security. Use MFA for high-value accounts like email, banks, and brokers.
- Only change passwords when necessary Regularly changing passwords can lead to weaker choices. Change passwords if they are weak, reused, or compromised in a data breach. Follow IT department guidelines if required, and let your password manager generate strong passwords that meet their requirements.
To learn more about password management and how US Service Center can help, please read more about it here or call us at 310-421-4090.
