Skip to main content
Password Best Practices

All Audiences: Standards and best practices to follow so that your accounts are protected.

Updated over 5 months ago

Passwords are used to protect access to your account from unauthorized users. When coming up with passwords for various accounts, there are standards and best practices to follow so that your accounts are protected.

Use a Strong, Unique Passphrase

  • String together 4 random words. For example: correctwhalebatterystaple

  • Use a minimum of 12 characters in your passphrase. The longer your password, the better.

  • Use a different password for each site you log into. This ensures that if another site is breached or your password is leaked somewhere, it can’t be used to log into another site.

  • Avoid these mistakes:

    • Using single dictionary words, spatial patterns (for example qwerty, asdf), repeating letters, or sequences (for example abcd, 1234).

    • Making the first letter an uppercase.

    • Substituting letters with common numbers and symbols.

    • Using years, dates, and zip codes.

Use a Password Manager

Password management tools help store and organize your passwords so that you don’t have to memorize all of your unique passwords. Many enable you to sync your passphrases across multiple devices and can help you log in automatically. These password managers encrypt your password library with a master password that becomes the only thing you just need to remember.

Enable Two-factor or Multi-factor Authentication

Enabling two-factor or multi-factor authentication provides an additional layer of security to ensure that you’re the authorized user logging into your account. Not all applications provide two-factor authentication, but when it’s available, it’s in your best interest to set it up. You can enable two-factor authentication on HackerOne under your profile’s Settings > Authentication.

Did this answer your question?