Password Guidelines

From SonicWiki

Your password is your first line of defense against unauthorized access to your accounts. Here are some tips for creating, managing, and protecting your passwords.

To reset a password on a primary account, use the password reset tool. If you know your password and just want to change it, use the Change Password tool in the Member Tools. See the Password FAQ for more information.

correct horse battery staple

Use a long password

A long, simple password may be more secure than a short, complex password, while also being easier to remember. The XKCD comic, while funny, illustrates the point. A password, or passphrase, like “correct horse battery staple,” or 4 random words and 20 or more characters, or even “D0g...........”, is harder to guess or crack and easier to remember than a password like “gO0dP@S5”. To be effective, the passphrase must not contain natural language or, even worse, a phrase from a book or song, no matter how obscure it is.
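As an added example (not part of the original page), this Python code picks passphrase words with a cryptographically secure random source instead of human choice, and computes the entropy that results. The word list is a constructed sample, and the 7776-word and 94-character pool sizes are assumptions used only for comparison.

```python
import math
import secrets

# Constructed sample list so the block runs offline; far too small for real use.
# A real generator would load a published list of several thousand words.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jacket "
    "kettle lantern marble needle orchard pepper quiver ribbon saddle timber "
    "umbrella velvet walnut yonder zipper bay cup dew elm fog gum hut"
).split()

def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)

def make_passphrase(words, count=4, min_chars=20, sep=" "):
    """Return (passphrase, entropy_bits) for `count` CSPRNG-chosen words.

    Words too short to guarantee `min_chars` are dropped before drawing, so
    every draw stays uniform and the entropy figure is exact for the pool used.
    Rejecting short phrases after drawing would skew the distribution instead.
    """
    need = math.ceil((min_chars - (count - 1) * len(sep)) / count)
    pool = sorted({w for w in words if len(w) >= need})
    if len(pool) < 2:
        raise ValueError("word list too small for the requested length")
    phrase = sep.join(secrets.choice(pool) for _ in range(count))
    return phrase, entropy_bits(len(pool), count)

def words_needed(target_bits, pool_size):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))

if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS)
    print(f"{phrase!r}: {len(phrase)} chars, {bits:.1f} bits (tiny sample list)")
    # Assumed pool sizes: a 7776-word list and 94 printable ASCII characters.
    print(f"4 random words from 7776: {entropy_bits(7776, 4):.1f} bits")
    # Upper bound for 8 characters; a word with substitutions scores far lower.
    print(f"8 random printable chars: {entropy_bits(94, 8):.1f} bits")
    print(f"words needed for 64 bits: {words_needed(64, 7776)}")
```

The entropy figures hold only when the words are drawn at random; a phrase a person composes, or one taken from a book or song, does not have that many bits.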

Use a unique password for each account

This is very important. If you use the same password for multiple accounts, a password stolen from one site can be used to access the other accounts. If you do not reuse passwords, you eliminate this risk.

Use a password manager

It is impossible to remember all of your unique passwords, so you should use a password manager. While does not endorse any particular service, some of the most popular password managers include LastPass, 1Password, and KeePass. Don't forget to use an exceptionally strong master password!

Don’t share your passwords

Do not share them with anyone, including support staff, friends and even family. Legitimate services will never ask you for your username and password over the phone or in an email.

Don’t accidentally share your password

Set the Master Password before using the “Remember Password” feature in your browser. On a computer that you don't own, do not use “Remember Password” or “Remember Me”, and avoid accessing sensitive accounts.

Keep your passwords recoverable

Keep your contact information up to date on all of your accounts to allow for recovering a lost password.

Further reading