Your password strategy is critical to your security.
Here are some ideas:
- Every website password should be unique (Please Note: Don't use the below example. It is now available on a public website, so is not secure.)
- Pick a base password that is at least 8 characters long (some websites don't allow 10 character passwords) and that uses upper case, lower case, and at least 1 number. Punctuation is good as well, but some websites don't allow punctuation in your password.
- Bill.com allows longer passwords -- your security is important to us. For us, your bank and other highly secure sites, choose 10 characters or more.
- Make sure the password means something to you but does not contain personal information. A good base password choice would be: 2McitK, which comes from the meaningful phrase Too Many Cooks In The Kitchen.
- Then, for each website you need a password for, take 2+ characters from the domain name you're signing up with (keeping in mind that some domains are short, but it's easy to come up with a scheme around this). For example, you could take the first and last character of the domain you're signing up with (excluding the www and the .com). Bill.com would become: bl.
- So your password for LinkedIn could be: 2McitKbl, which is not a dictionary word, and if someone were to look at it in clear text, it's not easily identifiable that the last two characters are determined by the domain name. When you decide to change the password (or are forced to change it), you can simply decide upon a character to increment, so for example, 2McitKbl could become: 3McitKbl.
- Have a different base password for different types of things, for example: Personal, Business, and Financial passwords, so that even if someone DOES figure out your scheme, at least they are limited in the scope of damage they could do.
- Don't ever type your password into someone else's computer -- even if it is an SSL website, they could knowingly or unknowingly have a keylogger installed.
- Don't share your passwords with anyone, even loved ones.
- If you're using public internet access, be very careful that you only type your password into sites that use SSL, and if you see any SSL warnings, immediately disconnect and stop using the connection, as this means someone could be sniffing your passwords or otherwise trying to cause harm.
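
The base-plus-domain scheme from the list above, worked through in Python as an added example (not Bill.com's code). The function names, the single-label TLD handling, the digit wrap-around and applying the length and character rules to the finished password are assumptions of this example.

```python
import string


def domain_tag(host: str) -> str:
    """First and last character of the site name, excluding 'www' and the TLD."""
    labels = [p for p in host.strip().lower().rstrip(".").split(".") if p]
    if labels and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        raise ValueError(f"expected a name and a TLD, got {host!r}")
    name = labels[-2]  # assumption: single-label TLD such as .com
    if len(name) < 2:
        # The list leaves short domains to the reader; refuse rather than guess.
        raise ValueError("one-character names need their own rule")
    return name[0] + name[-1]


def site_password(base: str, host: str) -> str:
    """Base password followed by the two characters taken from the domain."""
    return base + domain_tag(host)


def rotate(password: str, index: int = 0) -> str:
    """Increment the digit at the chosen position (assumption: 9 wraps to 0)."""
    ch = password[index]
    if ch not in string.digits:
        raise ValueError(f"character at position {index} is not a digit")
    return password[:index] + str((int(ch) + 1) % 10) + password[index + 1:]


def meets_rules(password: str, min_len: int = 8) -> bool:
    """Minimum length plus upper case, lower case and at least 1 number."""
    return (
        len(password) >= min_len
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
    )


if __name__ == "__main__":
    # Uses the base password published in the list above, so not a secret.
    pw = site_password("2McitK", "www.Bill.com")
    print(pw, meets_rules(pw), meets_rules(pw, min_len=10))
    print(rotate(pw))
```

The last argument shows the gap between the two length recommendations: the sample password passes the 8-character check but not the 10-character one suggested for financial sites.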