Ensure that you have a strong password to protect access to your device and data. A strong password protects you, your employer, your colleagues and your clients. The National Institute of Standards and Technology (NIST) has revised its password guidelines to acknowledge that length is the most important aspect of a good password. Creating a strong password may seem like a daunting task but by following a few best practices you can create an easy to remember and secure password.
- DO use a passphrase
- Think of a phrase and then use the first letters of each word to create a complex password that is more memorable. For example, the phrase, "My jersey number when I played college soccer senior year was 27!" can be used to remember the password, "Mj#wIpcssyw27!".
- Avoid common phrases, famous quotations, and song lyrics.
- Use a sentence rather than a word. Ex. I love cybersecurity. Replace letters with numbers and special characters to make it more complex and harder to guess: Ex. I<3cybersecurt!
- Use a string of unrelated words that have meaning to you. Ex. December Glassware Forest Haircut
- DO use a unique password for each account.
- DO use complex passwords and change them in accordance with your agencies' policy.
- DO NOT use personal information associated with you or your family that could be looked up on the internet (e.g., names, phone numbers).
- DO NOT use repetitive or sequential characters.
- DO NOT use simple, easy to guess words.
- DO NOT reuse your personal passwords for work purposes.
- DO NOT accept "remember my password" or autofill prompts.
- DO NOT share your password with others, including friends and family.
For more information visit the following resources:
CIS Password Policy Guide: Passphrases, Monitoring, and More
Choosing and Protecting Passwords
Online Safety & Privacy Basics: Passwords
Protected Voices: Passphrases and Multi-Factor Authentication