Password Best Practices

  • Never Share Your Password: Often employees feel comfortable sharing passwords with other employees or supervisors. This is a dangerous practice. First, you lose accountability – you cannot track who did what because people have shared accounts. In addition, once a password is shared it may become more widely shared than expected.
  • Never Re-Use Passwords: Many users will use the same password for all their accounts. While some sharing of passwords is acceptable, it should be only for non-critical accounts. If your Facebook login and password are the same as your work or online banking login and password, you are increasing the risk of account compromise.
  • Never Save Passwords to Public Computers: Logging into confidential networks but from public computers, such as at an Internet Cafes, hotel lobbies or airport terminals, is dangerous activity. These computers may be infected or, at the very least, reside on compromised networks. End users should authenticate only on trusted systems they control.
  • Beware of anyone who asks for your password: No one should ever ask an end user for their password. If someone asks for a password assume they are an attacker. This is a simple lesson that should be continually reinforced.
  • If your password is compromised: If you think your password has been compromised report the issue to IT and change your password immediately.