Proactive Password Practices

A person has an average of 150 online accounts. With so many accounts these days, it's important to make sure those accounts are secure with the right passwords and practices. Below are frequently asked questions about passwords, with answers you should follow.

How often should you change your password?

It is recommended that you change your password every three months. This is especially important for businesses – about 60% of companies have more than 500 accounts with non-expiring passwords.

In addition, businesses should avoid requiring users to change their passwords on the same schedule. The whole team shouldn't change their passwords on March 1st; instead, scatter their expiration dates and changing schedules. When changing a password, it's also important not to recycle the same passwords or modify only part of the password, like Hairbrush1, Hairbrush2, Hairbrush3.

Change your password if*:

  1. You’re a victim of a data breach
  2. You get hacked
  3. You’re a victim of fraud or theft
  4. You set up a device that has a default password
  5. Your password is sent over an insecure channel
  6. You enter a password on a public device
  7. Your password is weak
  8. You want to stop sharing an account

*If 1-3 occur, also contact your IT provider right away!


What does a strong password look like?

A strong password should follow these rules:

  1. Include numbers: this will add complexity to the password.
  2. Include characters: this will add complexity to the password.
  3. Don’t use personal information: don’t reference your personal information like name, birthday, or addresses.
  4. Don’t use real words: avoid using real words, because hackers can use programs that process words from the dictionary.
  5. Use a lengthy password: passwords should be 8-16 characters long.
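
The five rules above, together with the earlier advice against Hairbrush1, Hairbrush2, Hairbrush3 style changes, can be checked automatically. The following Python sketch is an added example, not part of the original article; the function names and the small word list are hypothetical, and it assumes "characters" in rule 2 means special (non-alphanumeric) characters.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"hairbrush", "password", "summer", "dragon", "welcome"}


def _stem(password):
    """Lowercase and drop trailing digits/symbols: 'Hairbrush2' -> 'hairbrush'."""
    return re.sub(r"[^a-z]+$", "", password.lower())


def check_password(password, personal_info=(), previous=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = all passed)."""
    problems = []
    lowered = password.lower()

    if not 8 <= len(password) <= 16:
        problems.append("length must be 8-16 characters")
    if not re.search(r"\d", password):
        problems.append("missing a number")
    # Assumption: "characters" in the rule list means non-alphanumeric symbols.
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("missing a special character")
    # Ignore very short items so a stray initial does not match everything.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    # Catch exact reuse and Hairbrush1 -> Hairbrush2 style increments.
    stem = _stem(password)
    if any(password == old or (stem and stem == _stem(old)) for old in previous):
        problems.append("recycles a previous password")
    return problems


if __name__ == "__main__":
    # Constructed examples, not real credentials.
    history = ["Hairbrush1"]
    for candidate in ("Hairbrush2", "Jordan#1987x", "t7#Vq9!mZx2&"):
        print(candidate, check_password(candidate, ["Jordan", "1987"], history))
```

The `previous` list stands in for the old password a user types when changing it; a real system should compare at that moment rather than keep old passwords in readable form.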

Default Passwords

When you have a device or software that comes with a default password, change the password right away! You’ve seen the crazy passwords your Wi-Fi router or smart devices have as a default. You don’t want this as your password anyway, and these defaults are also readily available online, so hackers can easily access them.

Where should I store my passwords?

A password manager, like LastPass. LastPass can safely store passwords and even generate new ones. It keeps usernames and passwords in one safe place and allows users to safely share passwords with others.

Should I write down my passwords?

No! You should not write down your passwords, as it makes you vulnerable to theft. It’s also common that when you write down passwords, you are more likely to re-use the same passwords for other accounts. Password reuse is also not recommended, as it will increase your chance of being hacked.