FTC Offers Tips on Creating Secure, Complex, Unique Passwords, Security Questions
Passwords should be long, complex and unique, and shouldn't include common words, phrases or information, FTC Privacy and Identity Protection Division Legal Fellow Whitney Merrill wrote in a blog post Thursday. “Attackers often use a dictionary of previously exposed passwords and information gathered from the Internet to help them guess a password,” Merrill said. After a breach, passwords should be changed quickly, she said. Since many people have trouble keeping track of all their passwords, Merrill recommended use of a password manager, “an easy-to-access application that allows you to store all your valuable password information in one place.” If an individual forgets a password, some companies offer a chance to answer security questions to regain access, she said. Individuals should choose security questions only they know the answers to and avoid questions where the answer may be available in public records or online like a zip code, mother’s maiden name or birthplace, Merrill said. Individuals should also avoid questions that allow a hacker to easily guess an answer like what state an individual was born in and the color of the person's first car, she said. Answers to security questions should be complex, she said. For example, “if the security question asks ‘What is your favorite childhood memory?’ the answer ‘watching the Dodgers with my mom’ is more secure than ‘baseball,’” Merrill said.