By Alexa Rivetti.
Tired of your on-again, off-again relationship with your password? Maybe you’ve tried something new, but can’t remember it and always go back to the same old one.
This month, resolve to dump your password and form a relationship with a passphrase. NIST, the National Institute of Standards and Technology, came out with new recommendations in 2017 and excited the security world. Gone are the old days of gobbledygook, when you were encouraged to come up with a totally unique word that has 1 uppercase letter, 1 lowercase letter, a special character and a number, has nothing to do with you or your pets, and must be changed every ninety days. The new guidelines suggest you:
- Form a passphrase.
Length and memorability are key. “ilovemy#1ITserviceprovider”, for example, would do just fine. Or you could envision your happy place and pick a series of images that make sense for you. An example from my imagination would string together couch-glass lamp-3 favorite books. Many sites still require old password rules, so in that case I would have to include special characters and so on.
- Make it last.
Don’t change your passphrase unless you feel it has been compromised. Changing your passphrase too often may lead to forgetfulness and confusion.
- Make it exclusive.
Your passphrase should only have a relationship with one platform. Don’t recycle the same phrase for multiple accounts. Your banking and email accounts should not share passphrases with your social media accounts.
- Use a password/phrase manager.
This tip deserves its very own article (which we’ll come out with soon!), but it doesn’t mean you shouldn’t start considering this option now. Managers keep all your passphrases in one convenient, encrypted location, and utilize multi-factor authentication. Check out CNET’s list of the best password managers of 2019 to learn which manager is best for you.
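The guidelines above, written as a small audit over a list of accounts. This is an added example, not part of the original article: it flags short, reused and compromised passphrases, and deliberately ignores age and character mix. The 16-character minimum, the field names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 16  # assumed threshold; the article gives no number

def legacy_rule_ok(pw):
    """Old-style rule from the article: upper, lower, digit and special character."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def _digest(pw):
    # Group by hash so the reuse index never stores the plaintext itself.
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()

def audit(accounts, min_length=MIN_LENGTH):
    """Return {site: [findings]}. Age and composition are not checked on purpose."""
    sites_by_digest = defaultdict(list)
    for acct in accounts:
        sites_by_digest[_digest(acct["passphrase"])].append(acct["site"])
    findings = {}
    for acct in accounts:
        issues = []
        if len(acct["passphrase"]) < min_length:
            issues.append("too short")
        shared = sites_by_digest[_digest(acct["passphrase"])]
        others = sorted(s for s in shared if s != acct["site"])
        if others:
            issues.append("reused on " + ", ".join(others))
        if acct["compromised"]:
            issues.append("compromised: change now")
        findings[acct["site"]] = issues
    return findings

# Constructed sample inventory (not real accounts).
SAMPLE = [
    {"site": "bank", "passphrase": "couch-glass lamp-3 favorite books",
     "age_days": 900, "compromised": False},
    {"site": "email", "passphrase": "P@ssw0rd1", "age_days": 30, "compromised": False},
    {"site": "social", "passphrase": "P@ssw0rd1", "age_days": 30, "compromised": True},
]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE).items():
        print(site, issues or "ok")
    print("legacy rule accepts P@ssw0rd1:", legacy_rule_ok("P@ssw0rd1"))
```

The 900-day-old passphrase passes because nothing suggests it was exposed, while the short password that satisfies the old composition rule is flagged three ways.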
At Tower 23 IT we can help you install the latest firewalls and security systems, but staff is truly your first line of defense. Therefore, it is important to talk to all your employees about password protection.
If you have any cybersecurity concerns, please don’t hesitate to email us at firstname.lastname@example.org.