Password Best Practices
Your online safety is important, and your password is one of the most important ways to keep yourself safe. Here’s our guide to creating a password to help you keep your information secure.
Use a Passphrase, Not a Password
You’re better off using a longer passphrase rather than a short complex password. Each additional character added to the password makes it exponentially harder to guess for hackers.
What do you think is easier to guess? Ad3lph! or ilikepuppiesandkittens? Even though Ad3lph! has a combination of capitalization, numbers and special characters, the fact that it is shorter makes it much easier to guess.
The strongest password will have length with some complexity, but not something that’s too difficult for you to remember. If you have a misspelled word it makes it harder to guess as well. Think ilikepupp3rs&kitteNs; you’ll remember this more easily than T2&sd9L!, and you’ll be more secure.
Use Different Types of Characters
Include a combination of numbers, special characters, upper- and lower-case letters.
You should also mix it up a little bit; three symbols in a row is not as effective as having them broken up randomly by other characters.
Use Multifactor Authentication
Multifactor authentication (MFA) is an extra precaution that requires you to put in an additional code that you receive through your phone, email or app (such as Google Authenticator) whenever logging in on an unfamiliar device. You should use multifactor authentication (MFA) whenever it is available to best safeguard from hackers.
Consider Passwordless
In addition to multifactor authentication, you can also opt-in to “passwordless” authentication if you use the Microsoft Authenticator app. Although you will still need your password for certain applications, most services available through Microsoft can be set to sign in with a code in place of a password. This method requires access to a mobile device (such as a phone) and a one-time code, which is more difficult to steal than a traditional password.
You can find more details on passwordless authentication on Microsoft’s website.
Use a Different Password for Each Account
Using the same password for every account might make it easier for you to memorize, but it also makes it easier for a hacker to gain access to ALL of your information. Diversify your passwords across accounts to ensure your info is secure.
Use a Password Manager
A password manager will store all your passwords for you, and even create unique, strong passwords for each account you have. You only have to memorize one master password, and you’re more secure than before. Awesome, right?
You should look into multiple options before deciding what’s best for you.
Please note that Adelphi University does not endorse any specific or particular password manager.
Don’t Use Common Terms
Names, addresses and dictionary words are easily guessable by hackers. You might think that your dog’s name and your street address number are a clever combo, but it’s something a hacker would look for.
You should also avoid sequences like “12345” or “qwerty,” as they are common and easy to guess.
Test Your Password
Ensure your password is strong by putting it through an online testing tool.