When you come up with a password, what is the first thing you think about?  I bet it is something easy to remember and has a combination of information specific to your spouse, your kids, your dog, or yourself.

Do you remember the following breaches, Equifax, T-mobile, Facebook, etc.?  These breaches put virtually all of our information out on the web to be sold to the highest bidder(s).  With information from several large breaches, what is near and dear to your heart is easy to figure out.  So what do you do?  You need to be able to remember your passwords; otherwise, what is the point?  Right? 

The first suggestion is not to attempt to remember all your passwords.  Use a secure, encrypted password vault.  There are many out there and if you use these types of solutions you can keep your passwords in the vault and access them, as needed. 

Below are recommendations on password best practices.

1. DO NOT use any personal information or combination of personal information in your passwords
2. DO NOT use common dictionary words
3. Use a combination of  uppercase and lowercase letters, numbers, and special characters
4. The longer the length of your password the harder it will be to “crack”, suggest at least 8 characters, but the better practice is at least 12
5. DO NOT use the same password across multiple accounts
6. DO NOT any part of your username in your password
7. Change your password every 90 days if it has access to personal or sensitive information
8. DO NOT share your password with anyone
9. USE a secure, encrypted password vault 
10. DO NOT write down your passwords and store them in a “safe” location
11. Do annual clean-up of your accounts.  If you no longer need them, delete your account to mitigate your risk

Passwords are important to keep secure.  You cannot be sure that your password is being stored and protected correctly.  Follow these best practices to strengthen your access management protocols.