Password Best Practices

Passwords are used to protect access to your account from unauthorized users. When coming up with passwords to various accounts, there are standards and best practices to follow so that your accounts are best protected.

Use a strong unique passphrase

  • String together 4 random words. For example: correctwhalebatterystaple
  • Use a minimum of 12 characters in your passphrase. The longer your password, the better.
  • Use a different password for each site you log into. This ensures that if another site is breached or your password is leaked somewhere, it can’t be used to log into another site.
  • Avoid these mistakes:

    • Using single dictionary words, spatial patterns (for example: qwerty, asdf), repeating letters, or sequences (for example: abcd, 1234).
    • Making the first letter an uppercase.
    • Substituting letters with common numbers and symbols.
    • Using years, dates, zip codes.

Use a password manager

Password management tools are helpful in storing and organizing your passwords so that you don’t have to memorize all of your unique passwords. Many enable you to sync your passphrases across multiple devices and can help you log in automatically. These password managers encrypt your password library with a master password that becomes the only thing you just need to remember.

Enable two-factor or multi-factor authentication

Enabling two-factor or multi-factor authentication provides an additional layer of security to ensure that you’re the authorized user logging into your account. Not all applications provide two-factor authentication, but when it’s available, it’s in your best interest to set it up. You can enable two-factor authentication on HackerOne under your profile’s Settings > Authentication.