How to Manage Passwords for Optimal Security

When it comes to passwords, the longer the better. However, even if you have created a secure password, re-using it is the quickest way to undermine your security. If you reuse a password for multiple accounts, it is only as strong as the least secure service/website it is being used on. No matter how strong your passwords, if you do not take steps to handle them properly, your personal and private information can be compromised. Follow the tips below to help you manage your passwords.

Don’t Write Critical Passwords Down

If you have to write something important like your banking password down on paper, you did not design it to be memorable. Use a technique such as those discussed in How to Create Strong Passwords to come up with your own personal master password. There are many ways to format a password so that it will stick in your head yet still be secure enough to protect your information.

Use a Password Manager

Can’t remember more than a couple of passwords? Try a password manager or password safe. Some popular ones are LastPass, Dashlane, 1Password, and KeePass. A password manager will store all your usernames and passwords in an encrypted database so that all you have to remember is one master password.

Keep a Backup of Your Password Safe

Once you have a password safe, it’s important to keep a backup in case of emergencies. For example, in the rare instance that the website or application goes down, you’ll still have a copy of your passwords you can access. Many password safes allow you to safely export data into an encrypted file.

Be Careful with Security Questions

Security questions are great if you’ve forgotten a password or need an extra layer of security, but be mindful that the information you enter is not always private. Details like your mother’s maiden name or the city you were born in are often public facts that an intruder can use to hack into your account. It’s okay to use fake answers as long as they are unique and difficult to guess. These answers can also be stored in a password safe so that you don’t forget them.

Use Two-Factor Authentication

For additional protection for important banking, email, and social media accounts, turn on two-factor authentication. This requires that you provide an additional factor besides your password in order to verify your identity. This lowers the chance of an outsider being able to access your account.

Don’t Save Passwords to Your Browser

Many internet browsers offer to remember your passwords and other information for automatic form-filling. While this is convenient, it is not the most secure option when it comes to storing passwords. This is because these passwords are usually unencrypted, so anyone who hacks into your computer can go to your browser’s settings to reveal all saved passwords.

Never Share Your Password

This might seem self-explanatory, but you should never share confidential passwords such as those to your banking account, email, and other important services. Legitimate organizations will never ask for your password by email, text, or phone.

Change Your Passwords

If one of your accounts has been hacked, you should reset your passwords immediately. It’s also a good idea to change your passwords every few months. This includes regularly changing the passcodes and PINs on your mobile devices. The RIT Password Standard requires that you change your RIT passwords at least once a year.


To learn more:

Why You Should Use a Password Manager and How to Get Started

Security Questions Infographic

Surveillance Self-Defense: Creating Strong Passwords