Password hygiene refers to the practices used to create and manage passwords. These practices include how strong you’ve made your passwords, if you use the same one for multiple accounts, how you keep track of them, how often you change them, if and how you share them with others, and if you monitor your accounts for suspicious activity.

Counterintuitive Password Advice

It used to be common to hear that passwords should be changed regularly, even as often as every 3 to 6 months. In 2017, the National Institute of Standards and Technology (NIST) made the following recommendation: “Do not require that memorized secrets [passwords] be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.” The idea is that frequent password changes cause people to make predictable changes to their passwords, like changing a single digit at the end of the password.

Also counterintuitive is that longer passwords that are simple are better than shorter passwords that are complex. It’s better to create a password that consists of 15 or more upper/lower case letters than one that is only 8 characters but with upper/lower case letters, numbers, and special characters. We can verify this using the Bitwarden Password Strength Testing Tool.
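As an added example (not from the original article) that puts numbers on the length-versus-complexity claim, the Python below models the brute-force search space for the two policies the text compares; the sample passwords and the guess rate are constructed assumptions, not measurements.

```python
import math
import string

# Character classes an attacker must include in a brute-force search once
# the password is known to contain them (the usual "composition" model).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def charset_size(password: str) -> int:
    """Size of the alphabet an attacker has to search for this password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def entropy_bits(password: str) -> float:
    """Brute-force search space in bits: length * log2(alphabet size)."""
    return len(password) * math.log2(charset_size(password))

def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to try every candidate at an assumed guess rate.
    1e10 guesses/s is a hypothetical figure chosen for illustration."""
    seconds = 2 ** entropy_bits(password) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

# Constructed sample passwords matching the two policies the text compares.
LONG_SIMPLE = "BlueCanoeFloats"   # 15 characters, upper/lower letters only
SHORT_COMPLEX = "P@ssw0r!"        # 8 characters, all four classes present

def compare(a: str = LONG_SIMPLE, b: str = SHORT_COMPLEX) -> dict:
    """Bits of search space for each password, rounded for display."""
    return {a: round(entropy_bits(a), 1), b: round(entropy_bits(b), 1)}

if __name__ == "__main__":
    for pw, bits in compare().items():
        print(f"{pw!r}: alphabet={charset_size(pw)}, "
              f"{bits} bits, ~{years_to_exhaust(pw):.2e} years to exhaust")
```

This models a blind brute-force search only; a password built from dictionary words or predictable patterns is guessed far sooner, which is why a generator from a password manager is still the better source of a long password.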

Use Unique Passwords Across Your Accounts

An unfortunate reality of our online world is that companies have their systems breached and data stolen. When the data breaches include customer email addresses and passwords, the attackers will try to use the captured email addresses and passwords at other websites. The way to protect yourself from this is to use unique passwords across your accounts. Since this can make remembering your passwords cumbersome or impossible, it’s best to use a password manager to track your passwords.

Use a Password Manager

Using a password manager is the best thing you can do to have good password hygiene. A password manager will securely store your passwords and can help you create strong passwords. They can even check to see if any of your user accounts have been a part of a data breach.

Many password managers have phone apps and browser plug-ins, which will make it easier for you to log in to the websites you use. Some people use their browser to remember passwords rather than a dedicated password manager. This is okay and better than using a document or spreadsheet. For a full-fledged password manager, Bitwarden and 1Password are two good options.

Generally, it’s a good idea to refrain from sharing your passwords with anybody. When multiple people need to access a single account, a password manager can be used to share password access. Another feature that most password managers support is that they can be used as another factor in multi-factor or two-factor authentication. Rather than getting a text or using an authenticator app, you could use your password manager to generate authentication codes.

Good Password Hygiene Takeaways

  • For strong passwords, length is a more important factor than complexity.
  • Use unique passwords across your accounts.
  • Use a password manager to store your passwords.
  • Only share passwords when necessary and through a password manager.
  • Keep your password the same, unless you suspect your account has been breached.
  • Regularly check to see if your accounts have been breached; a password manager can do this.
  • If you find any of your accounts have been breached, change your password immediately.