Ten Commandments for Safe Passwords

Never keep your passwords on sticky notes.

We sometimes need login credentials for accounts that churches have set up elsewhere (domain registries, for example). About nine out of ten times we request the login ID and password for a church’s domain or hosting account, we see passwords that break all the rules for safe logins. 

We do understand why: Using the same password everywhere is so much easier than trying to remember lots of different login details. Using a password with the church’s name and zip code (just for example) makes access to online accounts easy because that kind of password is easy to remember. The trouble, though, is that such passwords are as easy for a hacker to crack as they are for you to remember. And hackers are much busier than you might imagine. In just one year (2019), 7.9 billion records were exposed in 5,183 data breaches, according to CNET.

In the interest of promoting greater online safety, we offer these guidelines, recommended by many online security experts.

Ten Commandments for Safe Passwords

  1. Use different passwords for different accounts. If you use the same password for many accounts and any one of those accounts is compromised, all accounts with that password will be compromised.
  2. Do not use real words, e.g. words that can be found in a dictionary. Hackers use electronic dictionaries to try to discover passwords.
  3. Never use the name of your ministry or part of your address, ZIP code or phone number in your password. 
  4. Do not use sequential numbers, such as 123 or 789, or repeating numbers or letters, such as 777 or www.
  5. If you’re allowed, include special characters such as $ and # in your password.
  6. Long passwords are harder to crack than short ones, so use as many characters as your account allows.
  7. Are too many passwords makin’ you crazy? Use an online password manager. Dashlane is one free, easy-to-use password manager and has an inexpensive paid version we have used for years without complaint. LastPass, the most popular password manager, became a controversial option when the product’s new owners demanded that its free users pay up or lose access to all passwords to all of their accounts. CNET recommends Bitwarden as the best free password manager. Password managers can generate strong passwords, store payment information for quick online checkout, and auto-fill web forms with info you have stored in the apps. If you’re not already using a password manager, you’ll love how much time it saves you and how much more secure you feel.
  8. Check your passwords at Pwned Passwords to find out if they’ve been exposed in data breaches. Other tools that can help you discover whether your accounts have been breached: Google’s Password Checkup and Mozilla’s Firefox Monitor.
  9. Never use the word “password” as part of your password.
  10. Out of ideas? Use an online password generator to create passwords for you. Here are three to try: LastPass Password Generator, Norton Password Generator, and Password Generator. “Overall, it is generally safe to use a password generator for your online accounts,” according to Google. “If your password generator’s settings are configured to create lengthy passwords containing letters, numbers, and special characters, rest assured it is generally safe for most purposes.”
