Avoid These Common Password Management Mistakes

Managing passwords is an important part of protecting you and your family online

As part of National Cybersecurity Awareness Month, the City of Boulder Innovation and Technology Department is sharing tips for staying safe online. Here are several common mistakes to avoid when managing passwords for accessing email, computers and wireless networks.

Never use the same password for everything

If you use the same password or a variation of the same password everywhere online, it's easy for someone to access all of your accounts once one has been compromised. If your password is exposed, you have to stop whatever you are working on and change your password in many places. If the exposed password allows access to your bank’s website, your finances are now at risk. If the exposed password allows access to your email, that allows whoever has your password to use the “recover my password” feature take over your account on any website.

The most important thing to understand is that retaining control of your email, bank accounts and credit card accounts should be a top priority. You will want to use a unique password for every online account. Also, turn on multi-factor authentication for these services, if possible. With multi-factor authentication enabled, it will be very difficult for an unauthorized party to access your accounts. Here is an article about multi-factor authentication and why you should start using it today.

Be sure to avoid short passwords

Short passwords can be easy to guess -- and are even easier to hack. It has been proven that password length is more important than character complexity in strong passwords. Complex characters also make passwords harder to type correctly, particularly on mobile devices. For this reason, consider using a password that is at least 20 characters long. Use a password generator tool to create strong, unique passwords for every account you manage. Every password management application includes this tool, and there are a variety of web-based password generators which can also be used generate strong passwords. It may help to use a phrase that you find meaningful and easy to remember, such as: themountainsarecalling! or small acts of kindness.

Don't write your password on a sticky note near your computer

Sticky notes and notebooks can be lost, paper may be damaged by liquids, and these materials can be easily viewed by people with access to your work space. Files on your personal computer may not be backed up, can become corrupted, can be deleted by accident, and may be accessed by anyone with physical access to your device.

Password management services are an acceptable means of managing your passwords, and can provide a good balance between protection and accessibility for your passwords for a low monthly cost. Several such services have fingerprint accessible mobile applications and helpful browser plugins.

For questions about cybersecurity, contact City of Boulder Chief Information Security Officer Benjamin Edelen at edelenb@bouldercolorado.gov.