What to do about passwords.

Tons of Options

Microsoft recently announced that they are changing their stance on password policies. Following their requirements, companies had policies in place that forced employees to change their passwords every 30-90 days, depending on whatever was deemed appropriate. Did you really trust your employees to create passwords every 30 days and remember them? We know that most of you out there just increment the number at the end, or even worse, tape the new and fancy password to your keyboard. At least your company forced you to change it every 30 days. That way, if someone stole your password the next day, or fished your old post-it out of the trash bin where you had just tossed it after ripping it off the keyboard, they would only have 29 days to access your account… genius.

Apple has been releasing press on their own single sign-on button – akin to Google and Facebook logins (I suppose I should also mention Yahoo’s Account Key solution). These solutions might be the future of how we handle security when logging in to the vast multitude of sites flooding the internet. Whether you decide to remove your forced password changes, use a password manager, single sign-on services, or multi-factor authentication, keep in mind that somewhere along that chain a password is still necessary.

The best passwords are the ones that are most difficult for programs to brute force. You can look up lists of best practices on the web, but to keep it simple, we find that the best guidelines are to use multi-factor authentication and a long password that is easy for you to remember. Choose three words or a phrase, flip the word order around, put some special characters and numbers in between, and you should be golden. Do you have a dog that loves treats? 2Biscuits_for!Fido. A password similar to that will most likely never be hacked by today’s technology. If the day ever comes that hackers achieve quantum computing that can guess your passwords in milliseconds, it’s a good thing you still have multi-factor authentication in place.
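As an added example (not code from the original post), here is a small Python policy check that puts the two points above into numbers: it estimates the brute-force search space of a candidate password and flags the "just increment the number at the end" habit when a password is changed. The ten-billion-guesses-per-second rate and the 12-character minimum are assumptions chosen for illustration.

```python
import re
import string

# Assumed offline guess rate for the time estimate (illustrative figure,
# not a measurement): ten billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000
MIN_LENGTH = 12  # assumed minimum for "a long password"


def keyspace(password: str) -> int:
    """Search space a brute-force program must cover: alphabet size raised to
    the password length, where the alphabet is the union of the character
    classes the password actually uses (lower, upper, digits, punctuation)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return alphabet ** len(password)


def years_to_exhaust(password: str) -> float:
    """Worst-case years needed to try every candidate at GUESSES_PER_SECOND."""
    return keyspace(password) / GUESSES_PER_SECOND / (365 * 24 * 3600)


def _stem(password: str) -> str:
    """Password with any trailing run of digits removed (Fido2019 -> Fido)."""
    return re.fullmatch(r"(.*?)(\d*)", password).group(1)


def is_trivial_increment(old: str, new: str) -> bool:
    """True when the new password is the old one with only the trailing
    digits changed or added, e.g. Fido2019 -> Fido2020 or Fido -> Fido1."""
    return _stem(old) == _stem(new)


def check_policy(new: str, old: str = "") -> list:
    """Return the list of guideline violations for a candidate password."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if old and is_trivial_increment(old, new):
        problems.append("only the trailing number changed from the previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs: the lazy rotation versus the passphrase from the post.
    for old, new in (("Fido2019", "Fido2020"), ("Fido2019", "2Biscuits_for!Fido")):
        print(f"{new!r}: {check_policy(new, old) or 'ok'}, "
              f"~{years_to_exhaust(new):.3g} years to exhaust")
```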

Regardless of how good your password methods are, however, the easiest method for hackers to get into your stuff is to convince you to give them access. See our post on protecting yourself from social engineering. And last, but not least, don’t write your passwords down or tape them to your keyboard!