Privacy Tip #102 – How to Educate Your Employees to Use Long, Easy to Remember Passwords

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

I feel like I have been writing about Passwords over and over and that’s because I have. Despite hearing about how important passwords are over and over again, compromised passwords continues to be an issue for organizations.

Since the National Institute of Science and Technology (NIST) recently published new guidance and is recommending the use of Long easy to remember passphrases, I thought it was an opportune time to give you some of my tips when I educate client employees on recommended practices regarding passwords.

It is important that when an employee sits down at his or her company work station or laptop, that s/he can remember his or her password without having to refer to any written piece of paper (like a sticky note taped to the front of the workstation or inside the laptop) or check the notes on their phone. (I refer to these two examples as this is what many employees do every day so they can remember their password. You have to get it into their brain that they have to memorize their password. It must be in their brain. I liken it to Tom Cruise in Mission Impossible getting his instructions and then they self-destruct. Employees in general like Mission Impossible movies and laugh, but get the point. They need to come up with a password that they can memorize and it self-destructs and is not retrievable.

I am a believer in the use of long easy to remember passphrases, which is consistent with NIST’s guidance. One example I use is Myfavoritecolorispurple$ or, Myfavoritecolorisblue! This of course is not my password, but it is a clear example of a complex passphrase that is easy to remember. It has a capital letter, lower case letters and a number or symbol. My IT colleagues approve and say it is complex enough for most password requirements.

When you give your employees ideas for long easy to remember passphrases like the ones above, tell them not to actually use the example! They need to come up with a unique phrase that they will remember when they log on to their computer. Give them subject matter ideas like hobbies, (IwishIwasasingledigithandicap/) or travel (IloveNewOrleans$) or animals or pets (Icaught5bass!) or seasons (Fall!smyfavoriteseason).

You get the drift.

The other nice thing about using passphrases is that NIST agrees they can be used for a longer period of time so employees don’t get frustrated with having to change their passwords every 60 days.

So check out the new password guidance from NIST here and try to make the password education fun and engaging.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide