Most businesses and insurance policies now require more complex passwords.
Combined with a second factor (multi-factor authentication), this gives your accounts the best protection.
Below are our recommendations for setting secure passwords and for keeping them memorable where needed.
General Guidelines
- Please do not use your loved ones' or pets' names.
  - It's easy to find your partner's, child's, or pet's name. An attacker will try those passwords first.
  - Similarly, your street name, company name, hair or eye colour, where you grew up, etc. can easily be gathered from Facebook "what movie star would you be" style quizzes and other general information.
- Stay away from standalone and obvious combinations of dictionary words.
  - For example, "house" is an easily breached password. "Red house" is also very bad.
  - Randomly selected words are the best approach for memorable passwords, as detailed in our Passphrase recommendations below.
  - If you need to make your own passphrase, try not to use words that are related to each other.
- Stay away from other people's child or pet names, and from common words.
  - Attackers commonly use lists of other people's passwords. They may not know your friend's dog is named Buddy, but "Buddy2022!" will be one of the first passwords tried!
Password Recommendations
At minimum, your password should be 14 characters long and include an upper case letter, a lower case letter, a number and a symbol. You can generate such a password in two ways: with a password manager, which produces a very random password (normally used for websites, where the plugin can auto-fill the details), or as a passphrase (a combination of random words) that you memorise for things like your computer and email logins.
Passphrase - Useful for PC Logins
One method of password creation we suggest is using Passphrases. This is most useful for things like your normal PC login, as it can be easily memorised.
A passphrase is a combination of unrelated words:
Example:
GlassesCardHeadphones
If your system requires a number and special character, you can add these in as needed:
Gl@ssesCardHeadphon3s
Another approach to generate a random, strong password is DinoPass ("Simple password generator for kids"). Please don't let the "kids" label fool you: the passwords generated with the "strong password" option are a combination of unrelated words and provide the capital, number and special character in a readable format.
Clicking on "Another Strong Password please" will give you a password that suits most needs and is normally easy to remember and pronounceable.
You can keep clicking "Another Strong Password please" until you get a password you feel you can read and memorise!
XKCD Comic Example of Password Strength
Please note: Where possible, Consulting IT will block 'correcthorsebatterystaple' from being used! This is a well-known comic example and is not a safe password!
It is just an example of how random and unlinked the words should be.
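The guidelines above (14-character minimum, the four character types, random unrelated words, and the blocked comic example) can be written as a small checker and generator. This is an added illustration in Python, not Consulting IT's or DinoPass's own code; the word list, symbol set, function names and the personal_terms parameter are assumptions made for the example.

```python
import secrets
import string

# Constructed sample word list; a real generator should draw from a list of
# several thousand words (assumption, not from this guide).
WORDS = ["glasses", "card", "headphones", "river", "candle", "tractor",
         "pillow", "orbit", "lemon", "anchor", "violin", "marble"]
BLOCKLIST = {"correcthorsebatterystaple"}  # the comic example this guide blocks
MIN_LENGTH = 14                            # minimum length stated in this guide
SYMBOLS = "!@#$%&*?"                       # assumed symbol set for generation


def policy_problems(password, personal_terms=()):
    """Return the reasons a password fails the guidelines (empty list = OK)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if lowered in BLOCKLIST:
        problems.append("well-known example password")
    # personal_terms: names of family, pets, street, employer and similar.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def generate_passphrase(n_words=4):
    """Pick distinct words with the OS random source, add a number and symbol."""
    rng = secrets.SystemRandom()
    while True:
        words = [w.capitalize() for w in rng.sample(WORDS, n_words)]
        candidate = "".join(words) + str(rng.randrange(100)) + rng.choice(SYMBOLS)
        if not policy_problems(candidate):
            return candidate


if __name__ == "__main__":
    print(policy_problems("GlassesCardHeadphones"))
    print(policy_problems("Buddy2022!", personal_terms=["Buddy"]))
    print(generate_passphrase())
```

The words are chosen by the operating system's random source rather than by a person, which is what keeps them unrelated to each other and to you.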
Password Manager Generated - Useful for Website Passwords
If you use a password manager (the examples below use PassPortal), you can use it to generate random passwords for all websites and services. These random passwords are not recommended for your computer login, as they are harder to memorise, but for website logins and other services they are perfect.
Your PassPortal plugin in Microsoft Edge has a random generator built into it. You can select the length and adjust other options as well. Similar generators are available in all password managers.
These types of random passwords are especially useful for websites, as your plugin will auto-fill the login details, meaning you never need to memorise the password at all!
The other benefit of a password manager is that auto-fill will not work on fake websites, which helps protect your login details even further.
While this may seem daunting at first, using a password manager (PassPortal) will make this easier as it will remember the passwords for you.
If you need assistance with PassPortal, feel your company could benefit from using a password manager, or need assistance with your own password manager product, please reach out to our team and we will assist you.
Support
If you are having issues with the above user guide, please contact our helpdesk team on the details below:
- Business Hours: 8:30am to 5pm Monday-Friday AEST.
- Email: helpdesk@consultingit.com.au
- Phone: 07 3805 0700
- Knowledgebase/Ticket/Chat Portal: http://help.consultingit.com.au