🔒 Practice Good Password Habits

TYPE AUDIENCE PRIORITY COMPLEXITY EFFORT COST UPDATED
Conduct 🧑 ⭐⭐⭐⭐⭐ 🧑 🆓 2021-09-12

Rationale

Your door is only as strong as the lock on it. The same is true for your data and systems: by using a strong code, you reduce the chances that someone will break in. Of course, if you lose the key and someone else finds it, the strongest lock in the world still won't keep unwanted guests out! That's why you want to practice good password habits, to keep your data and systems secure.

Instructions

What you should have done

As part of your preparation, you should have:

  1. learned to 🔒 Strengthen your Password Habits
  2. replaced all your weaker passwords by following 🔒 Generate Strong Passwords
  3. stored all your passwords in Bitwarden after you 🔒 Setup Bitwarden on Desktop

If you realise that some of these steps weren't completed, complete them first.

What you should keep doing

1. Exclusively use a Password Manager

  1. You should no longer be manually entering passwords to get into your online accounts.
  2. If you notice that one of your online accounts hasn't been added to your password manager yet, immediately add it to your password manager before continuing to use the service.
  3. Remember to 🔒 Generate Strong Passwords with Bitwarden to replace a weaker password you may have been using before.

2. Add New Accounts to Bitwarden

When you need to provide a new password for an account, you should:

  1. 🔒 Generate Strong Passwords with Bitwarden
  2. then store them in Bitwarden as a new or modified login profile

3. Be Mindful of Cameras and Watchful Eyes

You want to keep your passwords private and secret at all times. The most sensitive time is when you enter your password into a device. So make sure that:

  1. Nobody can see what you enter into your device as you're unlocking it.
  2. There are no CCTV cameras recording you unlocking your phone.

4. Store Your Passphrase Offline

Ideally, you would only store it in your memory. But if there is any chance of forgetting the passphrase, then it's advisable to write it down on paper, and store it in a secure place that nobody else has access to.

5. Only Securely Share Passwords

Ideally, you would not share your passwords with anyone. But sometimes it may be necessary to do so.

  1. If you are a member of a Bitwarden organisation and the password should be shared across the team, use the built-in sharing feature to share passwords.
  2. If you only want to give temporary access to a person:
    1. Share the password as described in 📱 Avoid Text Messages over SMS
    2. Delete the message as soon as the other person has confirmed receiving it
    3. Confirm that the person is storing the password with the same level of caution as you are
    4. Once the person no longer requires access, use Bitwarden to 🔒 Generate Strong Passwords and update the account's password. Don't forget to update your login profile in Bitwarden with the newly generated password.

6. Perform Password Security Audits

Put a recurring event into your calendar, every 3 to 6 months, to perform a password security audit and ensure that your passwords have not been compromised.

  1. If you have a Premium Bitwarden account, generate all the Vault Health Reports.
  2. If you don't have a Premium Bitwarden account, check with Have I Been Pwned.

7. Respond to Compromised PIN / Passphrases

If someone has seen you enter your PIN or passphrase (or you realise that you entered it while a CCTV camera was recording you), you will want to change it:

  1. For a new PIN, see 🔒 Generate Strong PINs.
  2. For a new passphrase, see 🔒 Generate Strong Passphrases.