Consider using a passphrase rather than a password. A passphrase is a phrase or sentence; a password is typically composed of a single word or set of numbers. Strong passphrases are generally 20-30 characters; a password is generally 6-10 characters. A strong passphrase can provide an added level of security.
Below are tips for creating a strong passphrase:
- Use phrases that are meaningful to you but not easy to guess, even by family members or friends. Examples include favorite song lyrics (e.g., JustASmallTownGirl$$LivingInALonelyWorld!) or childhood pet names (e.g., Fido&Mr.Kitty&Bandit).
- Use a mix of upper and lowercase letters.
- Add numbers and symbols (!@#$%). You can also change some letters to symbols (e.g., A is @).
- Do not use sample passphrases found online.
- Avoid well-known quotes, song lyrics, or phrases.
- Structure it to be easily memorable.
- Do not use the same passphrases across multiple devices or websites. As frustrating as it can be to end up with a long list of passphrases, protecting things like confidential client information or your bank account is worth the effort.
- Change your passphrases regularly.
- If an account is compromised, do not reuse the passphrase in a different location.
- Do not store passwords in an easily accessible location, such as on a sticky note next to your computer or in a document titled “passwords.” Consider using a password manager program such as LastPass.
- Do not share your passphrase with others. Yet keep in mind your duty to plan ahead in the event of your incapacity or death, and be sure that someone is able to find your passphrases in order to protect your clients’ interests. You can find additional information in our publication “Planning Ahead: A Guide to Protecting Your Clients’ Interests in the Event of Your Disability or Death,” which is located on our website at www.osbplf.org > Services > CLEs & Resources > Publications.
Many smartphones and other mobile devices now have the option to change your settings to allow for passphrases (often called a “custom alphanumeric code”) and multi-factor authentication (e.g., sending an access code to you via email prior to log in or a fingerprint). Yet if a particular device or website only provides single-factor authentication such as a passphrase, consider implementing the suggestions above to achieve an enhanced level of security for your data.