1. Don’t use a password on our Worst Passwords of 2012 list.
2. Don’t put your passwords in a Word document or a sticky note. Use a password manager like SplashID. Even if you don’t use SplashID, use one of our competitors. Keep sensitive data encrypted.
3. Don’t use the same password for every site. Especially when it comes to the most sensitive sites – your bank, your email, Facebook, etc. – use a unique password for each and don’t use those unique passwords anywhere else. That way, if one of your sites gets hacked, your vulnerability is limited, and you only have to change one password, not all of them.
4. Use a password generator, like the one found in the SplashID Safe edit record screen. You can specify length, strength, complexity, case, etc., to create passwords that are unguessable and impossible to hack.
5. Don’t share passwords over weak channels like email, text, or voicemail. It is sometimes necessary to share a login with a colleague or loved one. Resist the easy path of putting it in an email. That leaves a long-lasting plain text copy of it in a very low security zone, and more than likely sitting on a server somewhere for a long time. SplashID can send encrypted files to be imported, or just pick up the phone and say it. Just make sure the recipient of your sensitive data also follows these tips.