David Hoffman

Password Best Practices

Author: David Hoffman 8/7/2011

Safer password practices for you and your customers are important. Hackers can employ algorithms that are cunning enough to try combinations of your domain name, name, birthday, etc., along with the standard common numbers, colors, and words.


If my name were Eric Romero, an administrator at the Texas Bicycling Association, with an email of, whose birthday was August 10, 1971, here are some example passwords that would be unsuitable, because they’d be cracked within seconds:

password, pass, pw, pass123, 123, abc, asdf, eric, romero, ericromero, eric81071, 08101971, august, 1971, erictxbikes, ericbikes, txbikes, test, biking, bicycle

Once hackers know that this password will get them logged in once, they’ll try this password out everywhere there’s a login. This might gain them access to all your confidential customer data. Your customers might, at the very least, get more spam and junk mail. At worst: identity theft, lost revenue, website downtime, etc.

An example of a moderately safe password would instead be: reso1V@$

Password Best Practices:

As part of our ongoing security initiatives, here are some best password practices:

  • An ideal password is long and contains letters, punctuation, symbols and numbers.
  • Change your password on a regular basis.
  • Do not use the same password for a number of logins.
  • The greater the variety of characters in your password, the better.
  • Use the entire keyboard, not just the letters and characters you use or see most often.
  • Do not use dictionary words or proper nouns in any language.
  • Avoid passwords that contain personal information, such as your social security number, birthday, age, your name, company name, etc.
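
The rules above can be enforced when a password is set. The following is an added example, not part of the original article: a Python check that rejects passwords that are short, use too few character types, match a common word, or contain the user's personal details. The function names, the small `COMMON` set, and the thresholds (8 characters, 3 of 4 character types) are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample; a production blocklist would be far larger.
COMMON = {"password", "pass", "pw", "123", "abc", "asdf", "test", "qwerty"}

def personal_tokens(first, last, org_words, birthday):
    """Lower-case strings tied to the user: names, organisation, birthday forms."""
    tokens = {first.lower(), last.lower()} | {w.lower() for w in org_words}
    tokens.add(birthday.strftime("%B").lower())   # month name, e.g. august
    tokens.add(birthday.strftime("%Y"))           # 1971
    tokens.add(birthday.strftime("%m%d%Y"))       # 08101971
    tokens.add(f"{birthday.month}{birthday.day}{birthday.year % 100:02d}")  # 81071
    return {t for t in tokens if t}

def weaknesses(password, tokens, min_length=8, min_classes=3):
    """Return the reasons a password should be rejected (empty list = accepted).
    min_length and min_classes are assumed thresholds, not values from the article."""
    reasons = []
    lowered = password.lower()
    if len(password) < min_length:
        reasons.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < min_classes:
        reasons.append("too few character types")
    # Strip digits and symbols so that "pass123" is still matched as "pass".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON or letters_only in COMMON:
        reasons.append("common password")
    hits = sorted(t for t in tokens if t in lowered)
    if hits:
        reasons.append("contains personal information: " + ", ".join(hits))
    return reasons

if __name__ == "__main__":
    # The article's example user.
    tokens = personal_tokens("Eric", "Romero",
                             ["Texas", "Bicycling", "Association"], date(1971, 8, 10))
    for candidate in ("eric81071", "pass123", "08101971", "reso1V@$"):
        print(candidate, "->", weaknesses(candidate, tokens) or "accepted")
```

Every unsuitable password listed earlier in the article is rejected by this check, while the article's moderately safe example passes.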

A password checker will evaluate your password’s strength. Here is a good password checker to try.

We encourage you to change your email, database and admin passwords now, and we recommend that you change them every 6 months.