Passwords protect all of your personal and corporate data on the web. Using strong and unique passwords is an easy step to protect yourself and your employer from hackers.
Password Best Practices
Use unique passwords that you can remember.
Do not use common, easily guessed passwords (123456, password123, abc123).
Do not use personal info in passwords.
Never email passwords back and forth.
Do not write your password down in open view (like on a post-it note).
Do not use the same password for multiple websites.
Use 2-step verification when available.
Change your password often.
Make sure backup password options are up-to-date and secure (backup email address and phone number).
Consider using free password management sites or Chrome extensions.
Creating a “Strong” Password
Creating a strong, complex password will significantly reduce the likelihood of your account being compromised. However, it is also important to use a password that you remember.
Here are some tips for creating a strong password:
Use a mix of letters, numbers and symbols.
Don’t use personal information.
Don’t use common words (like “password” or “letmein”).
Try to be cryptic but still create a password that is memorable to you.
For example, instead of using “goodtogo”, try using a password like “G00d2g0!”. They are essentially the same password, but the second is much more secure.
2-Step Verification
Two-step verification is an additional layer of security that Gmail offers. When 2-step verification is enabled, you will complete 2 steps to sign in to Gmail:
1.) Enter your password
Whenever you sign in to Google, you'll enter your password as usual.
2.) Enter a verification code
Then, you'll be asked for a code that will be sent to your phone via text, voice call, or our mobile app.
Keep it simple
During sign-in, you can tell Gmail not to ask for a code again on that particular computer. You'll still be covered, because we'll ask for codes when you or anyone else tries to sign in to your account from other computers.
How is this more secure?
Two-step authentication requires something you know (your password) and something you have (your phone). This means that even if someone cracks your password, they will be unable to log in because they do not have your device.
2-Step Verification Setup
To add two-step verification, you will need to enable it in your Gmail account settings.
Sign in to your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then clicking Account.
At the top, click Security.
In the Password box, click Setup next to "2-Step verification." This will bring you to the 2-Step Verification settings page.
You will then see a step-by-step guide which will help you through the setup process.
Once you’re done, you’ll be taken to the 2-Step Verification settings page again. Be sure to review your settings and add backup phone numbers.
You’re done! Next time you sign in, you’ll receive an SMS with a verification code.
2-Step Verification FAQ
QUESTION: What happens if I lose my phone?
ANSWER: You should have added a backup number that can be used. Also, when setting up 2-step, you will be advised to print off backup codes. You can download the codes or put them in your wallet for emergency use.
QUESTION: What happens if I can’t get the SMS because I don’t have reception?
ANSWER: You can use the backup codes or backup number that you saved. Android users can also download the Authenticator App. This app will provide you with codes even if you have no cell reception.
QUESTION: What happens if I lose my phone AND my backup codes?
ANSWER: Your Gmail IT Administrator can provide you with backup codes for your account.
QUESTION: Do I have to enter the code each time I log in?
ANSWER: No, if it is a trusted computer you can tell it not to ask for a code for 30 days.
QUESTION: What about clients or apps that don’t invoke 2-step authentication (like the iPhone Gmail app)?
ANSWER: For these apps you will use ASPs (Application-Specific Passwords). These passwords will be generated in your Gmail security settings when you set up 2-factor. They only need to be entered one time into the app or client.