Password Best Practices
General Informatics Answers Your Everyday Password Questions.
Q: Is it okay to have the same password for every account so it is easy to remember?
This is not a good idea; easy is rarely secure. If your password for one account is compromised, an attacker will likely try your password on different platforms to see what sticks.
Q: If I need a different password for different accounts, what is a safe way to store them so I do not forget?
The best way to store passwords for different accounts is through a password manager such as LastPass or 1Password. Most password managers have applications for various phones and web browsers. Just be sure to select a good password for the password manager itself.
Q: I like to use things I can remember easily for my password, like my birthday or anniversary. Is that okay?
Using information that can be found publicly is not secure. Important names and dates that someone can determine from your Facebook, LinkedIn, or Twitter profiles will be the first passwords that malicious individuals try.
Q: How often should I change my password?
This is a question that can and will be debated. If the password is strong, then you should only change the password if there is a security concern or breach. Many platforms and applications use some form of device fingerprinting to validate where normal authentication comes from and can send alerts if anomalous activity is detected.
Q: When should I use Multi-Factor Authentication (MFA)?
Use MFA whenever sensitive or private information is disclosed. There is never a downside to making sure your information is more secure.
Q: Is it okay to save my password on my web browser, such as Microsoft Edge?
Saving your password to your web browser is better than saving it on your desktop in a text document labeled ‘Passwords’. However, it is more secure to use a password manager than the browser itself. The security of the two is comparable, but password managers are a better option since they offer more features and can be used on multiple browsers and devices.
Q: Is it okay to email my username and password to people within my organization?
Sending your passwords through email is not a good idea. It is only okay to send a one-time password through email, because a one-time password must be changed during the first login.
Share With Your Team
Have you noticed your team making these everyday password errors? We’ve got you covered! We created a shareable PDF with these Password Do’s and Don’ts to send out to your organization.