Characteristics of a Strong Password
- Cannot contain three consecutive letters of your name
- Contains both upper- and lower-case letters
- Includes numbers and punctuation (?!#-), as well as letters
- Is memorable (does not have to be written down)
- Is a minimum of 8 characters long
- Can be typed quickly (deters others from learning your password as you type it)
DO Use Phrases or Sentences
A particular effective technique is to think of a sentence and turn it into a password, such as:
-
wru2rxy? - Who are you to ask why?
-
bWiIso3! - Beware the ides of March!
-
J&Jwuth2fapow - Jack and Jill went up the hill to fetch a pail of water
-
GwIwg4argp - Gee, what I would give for a really good password
DON'T Use Personal Information
A weak password is one that:
- Uses personal information, such as your name, a friend's name, a pet's name, your phone number, social security number, birth date, or address
- Uses any single word in the dictionary, whether spelled frontwards or backwards
- Uses any single word with letters simply replaced by numbers, e.g., bl0wf1sh
- Is easy to spot while you're typing it, e.g., 12345, qwerty (top line of keyboard), or nnnnnn
Keep Passwords Secret
A new way for hackers to trick people into giving away their passwords and other personal information is through a scam called "phishing." Phishing is the practice of sending millions of bogus e-mails that appear to come from popular Web sites like eBay or Amazon. The emails look so official that many people will respond to requests for their login name and password.
The County, Microsoft, eBay, Amazon, PayPal, or any other reputable company never ask for your password through email. If you receive a request for your password, social insurance number, or other sensitive information via email, notify the company immediately by phone or through their Web site.
Password Changes: Recent Best Practice
The practice of rotating passwords frequently has changed. Only when an indication of a compromised password would a password change be required,
It is important to use different passwords for all of your County and non-County accounts. That way, if one account gets compromised, your other accounts will be less likely to be at risk.