ITRC Solution 32
To keep your accounts safe, ITRC recommends adhering to the following steps when creating a password:
- It should contain at least eight characters.
- It should contain a combination of at least three of these four different types of characters – upper case letters (ABC), lower case letters (sger), numbers (184), and special characters (such as: !#$%&*_=+? ).
- If there is only one capital letter or special character, it should not be the first or last character in the password. Correct Example: iH82wkl8 (I hate to work late).
- Avoid using a name, slang word, or any word in the dictionary. There are computer programs that can run through entire dictionaries looking for your password. It should not include any part of your name or your e-mail address. Example: “banaPPle (short for banana apple).”
- Choose a strong password for sites where you care about the privacy of the information you store. You can take a sentence and turn it into a password. For instance, “This little piggy went to market” might become “tlpWENT2m.”
- Use a different password for all sites – even for the ones where privacy isn’t an issue.
- Never trust a third party with your important passwords (webmail, banking, medical, etc.) Never write down your passwords in a phone book, in an unencrypted/password protected file on your laptop, computer or other electronic device, like a PDA.
- A password should never be your favorite pet’s name, nickname, phone number, birth date, or something that a person could learn from your social networking profiles or an internet search.
- If you must have sensitive information on your computer, invest in a biometric device such as a fingerprint reader in order to form a two-factor authentication control and encryption capability.
This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to firstname.lastname@example.org.