Password (n): a secret that is used to gain access to a resource
Password best practices:
- Current NIST guidelines suggest that password length is more important than password complexity (see comic 1). Passwords should be no shorter than 8 characters; as a general rule, the longer the password, the more secure it is.
- Do not use "password hints". Password hints give bad actors a better chance of accessing your account. If you forget your password, it is simply better to have it reset.
- Use one password for each service you use (see comic 2). With unique passwords, if one service is compromised, your other services are not instantly compromised as well. At minimum, ensure that your email accounts and financial accounts have unique and sufficiently long passwords. Email accounts are important because they are often used to reset forgotten passwords for other services.
- Use a password manager to help remember passwords. In our District, you can use Keychain Access in the Utilities folder to store passwords securely. Keychain Access can also be used to help create and test passwords.
- Knowledge-based authentication (recovery questions that ask "what is your favorite food?") can be used to compromise your account.