Password Security and Best Practices

October 7, 2024

Passwords act as a gateway to your online accounts and potentially your online identity, whether for academics, social networking, online banking, etc. As a result, they are highly coveted by malicious parties. Recent high-profile breaches involving compromised passwords in 2024 include:


Best Practices to Keep Your Accounts Safe:

  1. Use Strong Passwords
    • A strong password should be at least 14 characters long and include a combination of uppercase and lowercase letters, symbols, and numbers. In some cases, special symbols are not allowed; this should encourage you to remain consistent with a longer password length.
  2. Reset and Refresh Passwords Frequently
    • OISE Education Commons recommends resetting passwords every 90 days.
  3. Create a Unique Password Per Application/Device/Website
    • Create a unique password for each website or application you log into. Using one password for multiple devices, applications, and websites is not recommended and may make you more vulnerable to malicious parties.
  4. Utilize a Password Manager Application
    • Authorized applications such as 1Password, Azure Key Vault, and Passwords (on Apple devices) provide a secure platform to create, store, and manage your passwords. These applications can also send you reminders if a password has been compromised or needs a reset, generate a strong password, or notify you if a password needs to be more complex.
  5. Remove Personal Information From Your Personal Password
    • Passwords should never include names, birthdays, pets, hometowns, etc., as this data can be easily accessed online and exploited.
  6. Do Not Share Passwords
    • Never share personal passwords with anyone.
    • If working collaboratively, use a password management application to share passwords securely amongst a team. At OISE, 1Password is approved for this type of collaboration. To request access to 1Password, please submit a ticket using the Education Commons Online Service Hub.
  7. Do Not Write Down Passwords
    • Online applications such as Word and Sticky Notes are not reliable places to keep passwords, and their contents may accidentally be shared with unintended audiences. In a physical environment, passwords may be viewed by unintended parties when a notebook or paper is left in the open.
  8. Use Passwords in Collaboration with Multi-Factor Authentication
    • Multi-factor authentication applications like Duo Mobile and Microsoft Authenticator can add an extra layer of protection to your accounts. They use a secondary authentication request to ensure that the correct person is accessing an application, even with the correct password. When using these applications, it's important to continue resetting your passwords regularly.
