Basic Password Hygiene

Basic Password Hygiene: Tips for staying secure online.

Cloud services promise to provide easy access to your data from anywhere and from any device including laptops, tablets and smartphones. Any website that collects your personal information and requires a username/password combination could be considered a cloud service. But these days, not a month goes by without reports of hacks against these services with thousands, or even millions of accounts compromised.

Cloud services are here to stay but many still need improved security.  The risk of losing control of your personal information is real, but there are things you can do to minimize damage to your personal information should your provider get hacked.

Basic password hygiene:

  • Use only complex passwords
  • Use a different password for every service – and consider a password manager
  • Change your passwords on a regular basis

USE ONLY COMPLEX PASSWORDS

One way hackers gain access to password-protected systems is by using a “cracking” program.  Many cracking programs attempt to guess passwords by trying lists of dictionary words against the target username.  This is why it is important to never use simple words (as found in the dictionary) as your password.

When someone says “complex” passwords, they’re referring to seemingly random sequences of letters, numbers and punctuation marks. The longer (at least 8 characters!) and more random the password gets, the harder it is to crack with this “brute-force” approach.

An easy way to create a difficult-to-guess (yet easy-to-remember) password is to use a passphrase – such as four random words strung together.  Or, you can use a mnemonic: taking the first letter of each word in a favorite song title and combining them together into one unintelligible mess of letters that only you know.
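To see how length and randomness translate into guessing effort, the following added example (not part of the original article) generates a random password and a four-word passphrase with Python's `secrets` module and estimates the entropy of each. The 16-word `SAMPLE_WORDS` list is constructed for illustration and is far too small for real use; the 7776 figure is the size of the EFF long word list, used here as an assumed realistic list size.

```python
import math
import secrets
import string

# Constructed sample list so the block runs offline; far too small for real use.
# A real list should hold thousands of words (the EFF long list has 7776).
SAMPLE_WORDS = ["anchor", "basket", "candle", "dragon", "ember", "forest",
                "garnet", "harbor", "island", "jungle", "kettle", "lantern",
                "marble", "nectar", "orchid", "pebble"]

# Letters, digits and punctuation: 94 printable ASCII characters.
SYMBOLS = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy when each of `picks` items is drawn uniformly from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)


def guesses_to_exhaust(bits: float) -> int:
    """Worst-case number of guesses a brute-force search has to make."""
    return round(2 ** bits)


def random_password(length: int = 8) -> str:
    """Random characters drawn with a CSPRNG (never use the `random` module here)."""
    return "".join(secrets.choice(SYMBOLS) for _ in range(length))


def passphrase(words, count: int = 4, sep: str = "-") -> str:
    """`count` words drawn independently with a CSPRNG from a de-duplicated list."""
    pool = sorted(set(words))
    if len(pool) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(pool) for _ in range(count))


if __name__ == "__main__":
    rows = [
        ("8 random characters", random_password(), entropy_bits(len(SYMBOLS), 8)),
        ("4 words, 16-word sample list", passphrase(SAMPLE_WORDS), entropy_bits(16, 4)),
        ("4 words, 7776-word list", "(list not embedded)", entropy_bits(7776, 4)),
        ("1 dictionary word, 7776-word list", "(list not embedded)", entropy_bits(7776, 1)),
    ]
    for label, sample, bits in rows:
        print(f"{label:35} {sample:22} {bits:5.1f} bits  {guesses_to_exhaust(bits):,} guesses")
```

The estimates hold only when every character or word is chosen at random; a phrase a person picks themselves is far easier to guess than the numbers suggest.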

USE A DIFFERENT PASSWORD FOR EVERY SERVICE

This is hard for most people to do, but it matters: if one of your online accounts gets hacked, the hackers can’t immediately use that password to compromise your accounts on other services.

You can use tools (such as a simple spreadsheet) to track these passwords. Or, create your own “algorithm” that only you know: modify a base password according to the name of the website you are using, following a repeatable formula (as long as the resulting password is still complex!).

A number of tools have been developed over the past few years which really help manage this process:

LastPass is highly recommended because it installs plugins into your web browsers and can automatically detect login boxes and fill them in. LastPass tracks and generates passwords automatically on a large range of websites. It also allows you to generate and store very complex passwords without any manual intervention and works with a wide range of devices.

Other software designed to make password management easier includes KeePass, Keeper and 1Password.

CHANGE YOUR PASSWORDS ON A REGULAR BASIS

Keep the bad guys guessing – change passwords on your web accounts on a regular basis. Six months is a good recommendation across the board, but you may want to change your password more frequently on sensitive sites such as banking services; quarterly or even monthly is much more secure.

Track your password change dates or use a tool like LastPass (above) to keep track of password age for you.

CONCLUSION 

A good way to minimize damage from website hack attempts is to use basic password hygiene. Complex passwords that are different for every service and changed on a regular basis will help keep the bad guys out and minimize damage if they do get in. Tools such as LastPass and KeePass can help you keep all of your passwords under control.