Passwords are the keys to the kingdom...
Choose them carefully and guard them wisely!
Some critical passwords require the strongest protection.
Passwords such as these:
Your Windows login password.
The BitLocker password used to start up your computer.
Your email account password.
Financial services website passwords and PINs.
The startup and lock screen PINs for your cellphone and tablet.
Memorize these few critical passwords!
Any of these passwords can be changed if you have forgotten them.
Don’t let your Web browser save any of these critical passwords.
Only write them down if you can store them in a safe!
Never store the purpose of these passwords with the passwords themselves.
Other passwords can be handled differently.
You can allow your Web browser to save less important passwords.
It’s also okay to record them in documents stored on your computer.
Use a separate text file or Word document to store each password. For example:
File named:
2022-03-25 Substack.com Password.txt
File contents:
Website: czmyt.substack.com
Username: czmyt
Email: steve@czmyt.com
Password: 4R6h!S(%xk
Security Q&A: First pet? furlong seattle
Don’t store them within email messages.
It’s not worth recording some less important passwords because they can be changed easily if your Web browser forgets them.
Choose good passwords!
For critical passwords:
Choose four random words: pick them from a dictionary or thesaurus, not things that you see around you.
If the system has special rules, use the four random words plus the same number, symbol and pattern of capitalization.
Never use your birth-year, names of family members, or anything that relates to the company or you personally.
For less important passwords:
Choose 10 random characters: open a blank text file or Word document, don’t look directly at your keyboard, then type 10 random characters, some while holding down the shift key.
Copy and paste that new random password into the Web browser password field.
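An added example, not part of the original post: a Python version of both recipes above, using the operating system's random generator (the `secrets` module) in place of picking words or keys by hand. The 16-word list, the `-` separator and the `7!` suffix are constructed assumptions; the bit counts show how strength depends on word-list size and password length.

```python
import math
import secrets
import string

# Constructed 16-word list for the demo only; use a list of thousands of
# dictionary words in practice, since each word adds log2(list size) bits.
SAMPLE_WORDS = ["anchor", "biscuit", "canyon", "dolphin", "ember", "fossil",
                "glacier", "harbor", "inkwell", "jigsaw", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def passphrase_bits(list_size, count=4):
    """Entropy in bits of `count` words drawn uniformly from the list."""
    return count * math.log2(list_size)


def pick_words(wordlist, count=4):
    """Draw `count` words uniformly at random (repeats allowed)."""
    words = sorted(set(wordlist))
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    return [secrets.choice(words) for _ in range(count)]


def apply_rules(words, digit="7", symbol="!", sep="-"):
    """Assumed fixed pattern for sites with composition rules: capitalize
    the first word, append one digit and one symbol (adds no randomness)."""
    return sep.join([words[0].capitalize(), *words[1:]]) + digit + symbol


def random_password(length=10):
    """`length` characters drawn uniformly from 94 printable ASCII symbols."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_bits(length=10):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    words = pick_words(SAMPLE_WORDS)
    print(apply_rules(words), f"({passphrase_bits(len(SAMPLE_WORDS)):.1f} bits)")
    print(f"7776-word list: {passphrase_bits(7776):.1f} bits for four words")
    print(random_password(), f"({password_bits():.1f} bits)")
```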
Don’t reuse passwords!
Never use the same password or PIN more than once for anything.
Never use a simple variation of a previous password.
If one account gets hacked, your other accounts should remain safe.
Treat password recovery questions and answers as if they themselves are passwords.
Never use the same security answer more than once for anything. They’re subject to being hacked just like passwords.
Never use real info for security answers and especially not publicly available info.
Write down your security questions and answers in case you need them to recover forgotten passwords.
Don’t share passwords with your coworkers.
If we need your password, the request will come directly from a technology staff member or senior management.
You should change your password when we tell you we’re finished needing it.
Don’t share passwords with outside technology support unless it’s okayed directly by internal technology staff or senior management.
Make sure to change any passwords that were shared with outside technology support when their help is over.
Don’t let people see you type your passwords.
Consider not using your work laptop computer in public places.
Use your smartphone or tablet instead if you can.
If you have to type passwords in a public place, drape your jacket over your head and computer to make a cone of privacy. It’s geeky but effective.
Be careful of people peering in through windows to watch you type.
Change your password if someone finds it out.
Change it as soon as you can get to a private place.
Contact a technology staff member if you can't change it quickly.
Change temporary passwords.
When you receive temporary passwords, change them immediately.
Contact a technology staff member if you have problems with password changes.
Don’t give up and continue using temporary passwords.
Don’t send passwords via email.
... nor via cellphone text message.
Avoid mentioning them over the phone when possible.
When exchanging any passwords with authorized staff members, whisper to them in person, or use a secure smartphone app like Signal Private Messenger (for Android) or Signal (for iPhone).
Don’t use password manager programs or services to store your passwords.
Many of these password managers have an online component that has been hacked in the past. And they will be hacked again in the future!
If you allow your Web browser to remember passwords, never sign in to the website associated with your Web browser.
For example, if you use Google Chrome, DO NOT sign in to Chrome using your Google account because that will send all your passwords to Google!
Review
Some critical passwords require the strongest protection.
Other passwords can be handled differently.
Choose good passwords!
Don’t ever reuse passwords!
Use fake info for password recovery questions.
Don’t share passwords with your coworkers.
Don’t let people see you type your passwords.
Change your password if someone finds it out.
Change temporary passwords.
Don’t send passwords via email.
Don’t use password manager programs or services to store your passwords.
See background info on this post.
My (Un)License is incorporated herein.