Creating and Storing Secure Passwords

Creating Strong Passwords

Good password selection and management can help keep your accounts secure and minimise the risk of compromise.

Consider the following tips to improve the security of your password:

  • Strong passwords should:
    • Contain at least 12-16 characters (or more, if the system supports it!)
    • Be entirely unique to each system (re-using a password gives attackers access to more of your information and resources when they compromise that password.)
    • Not contain your name or personal information
    • Not be a single word or common phrase
    • Not be shared with other people or written down on paper
  • Consider:
    • Enabling MFA for any service that supports it (This means attackers can’t log in even if they know your password!)
    • Using a password manager app, which can securely store all your passwords (see below for tips on using password manager apps)
    • Using a ‘pass-phrase’ (a password combining several words), such as a quote from your favourite book or movie, or a reference you can easily remember; or,
    • Taking the first letter of each word, plus the punctuation, from a sentence to create a complex password you can easily remember. For example, “5 minutes ago, I came up with this random sentence.” could become “5ma,Icuwtrs.”

Storing Passwords Securely

Passwords can be hard to remember, and it is considered best practice to use a unique password for each of the personal websites and services you have access to.

A password manager can help you keep track of all your passwords in one place and make it easy to retrieve those passwords and enter them into websites and services as you need them.

If you do choose to use a password manager, it will contain every password you use. It is then very important to use a strong and memorable password to protect it. You may also be able to take other precautions, such as requiring multi-factor authentication (MFA).

If you are looking for the password manager that may be right for you, the advice from renowned vulnerability researcher Tavis Ormandy is “… using the one already built into your browser”. Browsers like Google Chrome, Microsoft Edge, Apple Safari and Firefox provide many of the same functions as an online password manager, including integrating with your browser, while avoiding the issues found in third-party password manager integrations.

Our recommendation is to try out the password manager functionality in your web browser and see if it works for you. ZDNet have an article that will get you on your way: https://www.zdnet.com/article/is-it-ok-to-use-your-browsers-built-in-password-manager

If you are still unsure of the benefits of a password manager, How-To Geek have an article that may help: https://www.howtogeek.com/445274/how-safe-are-password-managers

If you are interested in a third-party online password manager, Tom’s Guide has an article available: https://www.tomsguide.com/us/best-password-managers,review-3785.html

Tavis Ormandy's article on password managers can be found on their personal website: https://lock.cmpxchg8b.com/passmgrs.html