Five tips for better password security


In 2016, Keeper Security conducted a study of the most commonly used passwords, evaluating ten million accounts. The number one password, used on 17% of all accounts, was “123456”, with number two being “123456789”. The word “password” came in at number eight. Other people tried passwords like “qwerty” and “qwertyuiop”. If you currently use these types of passwords, they will not be effective in securing your data. Sure, more complicated passwords are harder to remember, but they are completely necessary given the increase in phishing attacks and ransomware intrusions.

If you’re like many people, you have multiple logins and multiple accounts. Trying to remember all of them can be difficult. While there is no guarantee that your information will never be compromised (e.g., Equifax, Deloitte, Yahoo), here are some tips that will make it much more difficult for attackers to get into your accounts.

1. Do not write down your password or keep it in plain view

     Keeping a password written down beside your computer makes life easy for an attacker. Cyber-criminals have developed some very creative ways to get into office areas and look for passwords. There are a few options available to keep passwords stored and out of sight. Password manager applications are available that you can download to your computer.

2. Avoid using passwords that are easily guessed or trivial

     This Huffington Post article on Password Security shows the top twenty-five most used passwords. Take their advice, as well as these tips when creating your password:

  • Don’t use words from the dictionary
      • Most password cracking software will try every word in the dictionary
  • Don’t use passwords based on what people might see on your social media accounts
      • If your Facebook main page shows a picture of you in your favorite NFL t-shirt, an attacker might guess your password

3. Use long passwords that have multiple words and symbols to increase their complexity

     A long password with symbols and words is extremely difficult for “cracking software” and attackers to guess. It seems like this might increase the likelihood of forgetting your password. However, there are ways to make long passwords easy to remember. Phrases that you will never forget, like song titles, the opening line of a book, or something your mother told you a lot as a child, are good places to start.

4. Never use your VUMC email address or ePassword for other accounts.

     Sometimes, an account will not keep information about you but use your email address as your username. It might be convenient to use the same password for that account as your work email, but if your non-VUMC account gets compromised, then you can be assured that an attacker will read all of your work emails in the very near future.

5. Use Multi-factor Authentication whenever you can

     Multi-factor Authentication (MFA) is a security mechanism that uses a code in addition to the standard username and password combination to log in to an account. It adds another, secure step to the login process. A user’s preferred device (usually a smartphone) sends a code or a text whenever he or she tries to log in. An attacker might get your username and password, but they need the code from your phone or device to get into your account.


Two characteristics of efficient attackers are curiosity and patience. An attacker will slowly track a user, gather pieces of information, and combine them for a larger attack. By bullet-proofing your passwords and storing them somewhere safe, you can help prevent some, if not most, attacks. Further, prevent attacks by adding another layer to your password. VUMC has an MFA tool that can assist you in protecting yourself and your information. Password security is another way VUMC employees can ensure their own data and the data at the Medical Center are safe.