Skip to main content

As the situation in Ukraine evolves, businesses should be mindful of potential risks to their people, assets, operations, or supply chains in the region and globally. Marsh, as part of the Marsh McLennan family of companies, has created a page with information, tools, and resources related to the Russia-Ukraine conflict. Please visit the page for the latest information.

September 3, 2019

12 best practices to secure and protect passwords

Jeff Lightner

Year after year, businesses and employees must remain vigilant, ensuring they use strong passwords to keep information and systems secure. Here are 12 best practices to help keep your passwords protected. Review these tips and consider strengthening your passwords if they fall short.

1. Unique passwords
Create unique passwords that use a combination of upper- and lower-case letters, numbers and symbols. It’s often best to stay away from commonly used names, words and dates.

2. Avoid using your network username
Never use the same username that you set up for your computer network.

3. Don’t use easily guessed passwords
Avoid using passwords that people could easily guess, such as your birthdate, anniversary date, your name, the names and birthdates of your children, your social security number, phone number or names of family members. These may not be as confidential as you might think.

4. Don’t use common passwords 
You might be surprised at how many people use common passwords like “Password123” or simply “Password”. Come up with something unique and unguessable.

5. Refrain from using real words (dictionary words) 
Unfortunately, password-cracking tools are available for free online. These tools often come with lists from the dictionary; thousands of common names and words can be easily searched by hackers. If you must use a word in the dictionary, add a numeral and a symbol to them. Or spell them incorrectly. For example, use “Simbole” or “Sym3ell” instead of “Symbol”, and then add additional numerals and special characters: Sym3ell98@!$.

6. Don’t use simple keyboard combinations 
Many people use letters and symbols that are adjacent on a computer keyboard, such as “qwerty”, “asdzxc” and “123456”.

7. Avoid using the same password on multiple websites or apps 
Don’t re-use the same password at sites that collect and store sensitive information about you. And remember that your smart phone is a computer, follow the same rigorous protection on your iPhone or Android, that you would on your laptop or PC.

8. Never use your email password at any online site 
If you use your email password on an ecommerce site and the site gets hacked, there’s a good chance someone will be able to access your email account. As a rule, never use your email password anywhere else!

9. Don’t store your password in plain text on your computer 
It’s OK to write passwords down and keep them in a safe place, but don’t store them in plain text anywhere on your computer.

10. Good passwords 
Some of the best passwords are easy to remember that aren’t words but are a collection of words that form a phrase or a sentence. An example of this might be a opening sentence in your favorite novel, an opening line to a good joke or something personal, like: Iwasn’tbornin1998!

11. Password length is important 
Longer passwords are harder to crack, each character you add to a password or passphrase makes it immensely more difficult to hack.

12. Use an online third-party service 
There are several online, cloud-based services that help users store and protect their passwords, such as LastPass, DashLane and 1Password. If entrusting your passwords to a third-party online service is unsettling to you, consider local password storage systems like Roboform, PasswordSafe or Keepass. Just make sure you choose a very strong password for your master.

Strengthening your passwords can be a bit of a hassle, but complacency about the process and controls you have in place for your passwords is essential for your protection. 

For more information on keeping your information and business protected, contact your local Marsh & McLennan Agency representative at one of our many locations for assistance. Your local MMA representative is here to help your organization with all your risk management needs.