Government of the Republic of Trinidad and Tobago
gov.tt

Password Best Practices

A lot of our modern life takes place online and most of our personal information is locked away behind passwords. But is your password secure? Here is a list of password best practices to help secure your online presence.

Use a Passphrase

The days of crazy and complex passwords are over. Those passwords are hard to remember, difficult to type, and actually encourage users to adopt poorer password practices (like using the same password on multiple accounts). The key to passwords is to make them long; the more characters you have, the better. These are called passphrases: a type of strong password that uses a short sentence or random words. Examples:

  • Traffic-On-The-Highway-Today!
  • Is_it_time_to_go_home_yet?

Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, etc.). If your friends can find it, so will hackers. You will run into websites requiring you to add symbols, numbers, or uppercase letters to your password, which is great, but remember that length is key.
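The "random words" approach above can be generated and measured, as in this added example (not part of the original page). The word list is a constructed sample so the code runs offline, the function names are illustrative, and the entropy figures hold only for words picked at random by the generator, not for a sentence a person makes up.

```python
import math
import secrets

# Constructed sample word list so the example runs offline. It is far too
# small for real use; a published list such as the EFF long list (7,776
# words) is the realistic choice.
SAMPLE_WORDS = [
    "traffic", "highway", "today", "mango", "river", "candle", "orbit",
    "pepper", "window", "guitar", "island", "marble", "sunset", "cricket",
    "lantern", "harbour",
]


def generate_passphrase(words, count=5, separator="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    pool = sorted(set(words))
    if count < 1 or len(pool) < 2:
        raise ValueError("need count >= 1 and at least two distinct words")
    return separator.join(secrets.choice(pool) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Entropy of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def random_password_entropy_bits(alphabet_size, length):
    """Entropy of `length` independent uniform picks from an alphabet."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # 8 random characters from the 94 printable ASCII symbols, versus
    # random-word passphrases drawn from a 7,776-word list.
    print(f"8 random chars : {random_password_entropy_bits(94, 8):.1f} bits")
    for n in (4, 5, 6):
        print(f"{n} random words : {passphrase_entropy_bits(7776, n):.1f} bits")
    print("words for 80 bits:", words_needed(7776, 80))
```

With a 7,776-word list, four random words land just under an 8-character fully random password, and five or more words exceed it while staying easier to remember and type.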

Keep it a secret!

Do not share your password with anyone – not even the IT department! The information you have is valuable to a threat actor. Don’t write it down and don’t keep it in a Word document entitled “Passwords”!

Mix it up!

Use different passwords for different accounts. This ensures that if one account gets compromised, the others won’t be at risk. Want to check if one of your accounts is already compromised? Visit https://haveibeenpwned.com

Two-Step Verification

Two-step verification (also called two-factor authentication or multi-factor authentication) adds an additional layer of security. It requires you to have two things when you log in to your accounts: your password and a numerical code which is generated by your smartphone or sent to your phone. This process ensures that even if a cyber attacker gets your password, they still can’t get into your accounts. Enable this whenever possible, especially for your most important accounts! On this site you can find a list of websites and whether or not they support Two-Step Verification: https://twofactorauth.org

How do I remember all these passwords?

Use a password manager! Password management tools, or password vaults, are a great way to organize your passwords. They store your passwords securely, and many provide a way to back up your passwords and synchronize them across multiple systems. Here are some password managers: