Treat your passwords and pass phrases with as much care as the information that they protect.
Use strong passwords to log in to your computer and to any site where you enter your credit card number, or any financial or personal information—including social networking sites.
Use these tips to help keep your passwords safe.
• | Don’t reveal passwords to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Read about how to encourage kids to keep passwords secret. |
• | Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Don't store passwords on a file in your computer, since criminals will look there first. Also, don't carry passwords around in your wallet or hide them under your keyboard. A good rule to keep in mind is not to leave a record of your passwords anywhere that you would not leave information that the passwords protect. |
• | Never provide your password over e-mail or based on an e-mail request. Any e-mail message that requests your password or requests that you to go to a Web site to verify your password is almost certainly a fraud. This includes requests from trusted companies or individuals. E-mail can be intercepted in transit, and e-mail messages that request information might not be from the senders they claim. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more. Learn more about phishing scams and how to deal with online fraud. |
• | Do not type passwords on computers that you do not control. Computers such as those in Internet cafes, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to visit chat rooms, check online e-mail, bank balances, business mail, or any other accounts that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. With these devices malicious users can harvest information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect. |
• | Use more than one password. Use different passwords for different Web sites and services. If any one of the computers or online systems using this password is compromised, all of your other information protected by that same password should be considered compromised as well. It is critical to use different passwords for different systems. |