Password Best Practices

Here is a list of things you can do to protect your online assets. While this is not an exhaustive list and some are (hopefully) obviously, these password tips can go a long ways to protect yourself online.

• Always create complex passwords that are a combination of upper and lower case letters, numbers and symbols
• Never use a password that can be found in a dictionary --- dictionary attacks are common and can break passwords very quickly
• Never use your username as your password
• Never use easily guessable passwords such as a family member's name or birthday
• To help remembering your passwords, try swapping numbers and/or symbols for letters (instead of MyPassword, try M7P@s5w0rd)
• Never use your social security number or other sensitive informaiton for your password --- if your password happens to get leaked, having your SS# floating around isn't a great idea
• Avoid keyboard sequences like qwerty, 12345, or abcdeg
• Don't use words, use sentences or phrases.  They can be easy to remember and filled with numbers, letters and symbols.  (e.g. iLoveU2John!!)
• NEVER use the same password on different websites/services.  If one service gets breached, then your password for everything is exposed.  If you're going to reuse a password, reuse it ONLY on sites that contain no personal or sensitive information.
• Never store your passwords in plain text --- Some no no's are: on paper/sticky notes, a file on your computer, a file in one of your cloud services (Google Drive, Dropbox).  If you need to write your passwords down on paper, make sure the paper is stored somewhere secure place (e.g. home safe).
• Spring Cleaning --- update your passwords once in a while. 
• Be careful about saving your passwords in a web browser's caching system when you are no using your personal computer.  Most modern web browsers storage your passwords, doing so on a public computer is a recipe for disaster.
• Public computers (cont) - get familar with a web browsers Private or Incognito browsing mode that stores nothing while in use.  This is a good way to prevent the browser from saving your logins, sessions and data while you surf at a public computer.
• Have a lot of passwords?  Use a password manager.  I'm fond of LastPass.com.  It helps store all your passwords in a secure / encrypted master file, helps audit your security across your logins and other helpful features.  Obviously make sure your master password is extremely strong and you follow the tips above.