
Checklist for safer passwords


Now that so many of us are teleworking, cybercriminals are looking for ways to take advantage and get into our business networks. Weak passwords are one of their best opportunities. Please keep the following in mind when creating your passwords.

  1. Use long, complex passwords with upper and lower case letters, numbers, and symbols. Short, simple passwords can be hacked in a matter of minutes.

  2. Be careful in choosing phrases for a password. If a phrase can be found in a dictionary or book, it can be located by hacker software. Use “nonsensical” phrases or jumbled words that a program can’t easily solve. For example, “maryhadalittlelamb” is hackable. “LaMmbs#R#WhiTe” is less hackable.

  3. Do not use the same password for multiple business accounts. 

  4. Do not use the same password for any personal accounts and business accounts, especially social media. If your social media account is hacked, your business accounts can also be compromised.

  5. Do not use names (pets, businesses, family, friends, street names) in passwords, since hackers can find common names by screening social media and other public information.

  6. Do not use easily tracked patterns, like 1234, abcd, lmno, 3333, 121212. Easy patterns can be identified quickly by hacker programs.

  7. Do not use birth dates, postal/zip codes, or telephone numbers even if you add a symbol, since hackers' programs can screen for these patterns.

  8. Be careful where you store passwords. If you store them in “contacts,” be careful to mask some letters or numbers and the title, so that if your contacts are compromised you are not giving away your passwords.

  9. Follow your internet provider's instructions and change your wi-fi router passwords routinely to prevent hackers from taking over your wi-fi accounts and smart TVs, cameras, or other devices.

  10. Follow your internet provider's instructions and add a separate work wi-fi network with a different password so family and work internet traffic are segregated. Ask your IT staff if you have questions on how to do this.

  11. NEVER share passwords.
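
For IT staff who want to enforce items 5 through 7 when a password is set, the following added example (not part of the Comptroller's checklist) screens a candidate password for names, easily tracked patterns and number formats. The function names, the four-character run threshold and the five-digit threshold are assumptions chosen for illustration; the dictionary-phrase check in item 2 is not covered.

```python
import re


def _has_ascending_run(pw, length=4):
    """True if pw contains `length` consecutive ascending letters or digits
    (1234, abcd, lmno). The length of 4 is an assumed threshold."""
    s = pw.lower()
    run = 1
    for prev, cur in zip(s, s[1:]):
        step = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        run = run + 1 if step else 1
        if run >= length:
            return True
    return False


def screen_password(pw, known_names=()):
    """Return the checklist items (5, 6, 7) that a candidate password violates.

    known_names is a caller-supplied list of pet, family, business or street
    names (hypothetical parameter; the checklist does not define a source).
    """
    findings = []
    low = pw.lower()

    # Item 5: names that can be found on social media or in public records.
    if any(name.lower() in low for name in known_names if name):
        findings.append("item 5: contains a name")

    # Item 6: ascending runs, one character repeated (3333),
    # or a short group repeated three times (121212).
    if (_has_ascending_run(pw)
            or re.search(r"(.)\1{3}", pw)
            or re.search(r"(..+?)\1{2}", pw)):
        findings.append("item 6: easily tracked pattern")

    # Item 7: dates, zip codes and phone numbers. Separators between digits
    # are dropped first, so 07/04/1985 is seen as one run of eight digits.
    joined = re.sub(r"(?<=\d)[-/. ()]+(?=\d)", "", pw)
    if re.search(r"\d{5,}", joined):  # 5 digits = shortest zip code (assumed cut-off)
        findings.append("item 7: date, zip code or phone-like number")

    return findings
```

An empty list means none of these three checks fired; it does not mean the password is strong, since length, character mix and dictionary phrases (items 1 and 2) are outside this example.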

OFFICE OF THE COMPTROLLER OF THE COMMONWEALTH

William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108

comptroller.info@mass.gov

For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at (617) 727-5000
