Password Dos and Don’ts

September 27, 2009 – 12:19 PM

Here’s a great list of password dos and don’ts for you to make sure that you are using good, strong passwords and protecting your accounts as much as you possibly can.

DO use a password manager such as those reviewed by Scott Dunn in his Sept. 18, 2008, Insider Tips column.

DO change passwords frequently. I change mine every six months or whenever I sign in to a site I haven’t visited in a long time. Don’t reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire.

DO keep your passwords secret. Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away. If you must allow someone else access to an account, create a temporary password just for them and then change it back immediately afterward. No matter how much you may trust your friends or colleagues, you can’t trust their computers. If they need ongoing access, consider creating a separate account with limited privileges for them to use.

DON’T use passwords composed of dictionary words, birthdays, family and pet names, addresses, or any other personal information. Don’t use repeated characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.
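The rules in the item above are easy to turn into an automated check, for example in a sign-up form or a password-policy validator. The following script is an added example, not code from the original article; its word list and the personal-information tokens passed to it are constructed for illustration, and a real deployment would load a full dictionary and the user’s own profile data.

```python
"""Check a candidate password against the DON'T rules above:
dictionary words, personal information, repeated characters, and
alphabet or keyboard sequences such as abc, 123 and qwerty."""
import re

# Constructed mini dictionary; a real check would load a full word list.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "monkey", "letmein"}

# Ordered alphabets and keyboard rows used to detect runs like "abc", "123", "qwerty".
SEQUENCE_SOURCES = [
    "abcdefghijklmnopqrstuvwxyz",
    "0123456789",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
]
MIN_SEQUENCE = 3  # three characters in a row counts as a sequence


def _has_sequence(pw: str) -> bool:
    """True if pw contains a forward or reverse run of MIN_SEQUENCE characters."""
    for source in SEQUENCE_SOURCES:
        for seq in (source, source[::-1]):
            for i in range(len(seq) - MIN_SEQUENCE + 1):
                if seq[i:i + MIN_SEQUENCE] in pw:
                    return True
    return False


def check_password(password: str, personal_info=()) -> list:
    """Return the rules the password violates; an empty list means it passes.

    personal_info is a caller-supplied list of strings such as a pet name
    or birth year (hypothetical values are used in the usage below)."""
    pw = password.lower()
    problems = []
    if any(word in pw for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    if any(info.lower() in pw for info in personal_info if info):
        problems.append("contains personal information")
    if re.search(r"(.)\1\1", pw):          # e.g. "111" or "aaa"
        problems.append("contains repeated characters")
    if _has_sequence(pw):                   # e.g. "abc", "123", "qwerty"
        problems.append("contains a keyboard or alphabet sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a pet name and a birth year as personal info.
    for candidate in ("Tr0ub4dor&3", "abc123", "Password111", "Fluffy2009"):
        print(candidate, "->", check_password(candidate, ["Fluffy", "2009"]) or "ok")
```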

DON’T use the same password for different sites. Otherwise, someone who culls your Facebook or Twitter password in a phishing exploit could, for example, access your bank account.

DON’T allow your computer to sign in automatically on boot-up, and don’t use automatic e-mail, chat, or browser sign-ins. Avoid using the same Windows sign-in password on two different computers.

DON’T use the “remember me” or automatic sign-in option available on many Web sites. Keep sign-ins under the control of your password manager instead.

DON’T enter passwords on a computer you don’t control — such as a friend’s computer — because you don’t know what spyware or keyloggers might be on that machine.

DON’T access password-protected accounts over open Wi-Fi networks — or any other network you don’t trust — unless the site is secured via https. Use a VPN if you travel a lot.

DON’T enter a password or even your account name in any Web page you access via an e-mail link. These are most likely phishing scams. Instead, enter the normal URL for that site directly into your browser, and proceed to the page in question from there.
