Passwords! They’re needed everywhere and it can be hard to keep track of them. However, having good passwords (and password policies) in place is essential to data security and therefore HIPAA compliance. Some of the biggest data breaches have come from a hacker guessing or cracking someone’s password and simply logging in to the system. So how can we make passwords a little less painful?

First, a few Don’ts

It’s easy to fall into bad habits when trying to come up with a strong password for the 19th website you need one to access… but especially when you’ve got PHI involved, keep these don’ts in mind.

  • Don’t use a basic password or one that is related to you and easy to guess.
    • Is your password “password”? Or your kids’ names/birthdays? These are super easy for someone with even the most basic computer skills to figure out.
  • Don’t write down your password – and especially don’t have it on or near your computer.
    • You might think you’re being tricky by putting it on a post-it under your keyboard, but that’s actually a pretty common hiding spot!
  • Don’t use the same password across multiple sites.
    • It’s easier to remember for you, but you’re making it easier for someone to find your one password and access everything.
[Comic: XKCD “Password Strength”]

Tips to Do

Hint: Mnemonic devices are your friend! (Something like “My Very Educated Mother Just Served Us Nachos” for the order of planets from the sun)

  • Include different cases, along with numbers and symbols, and make it at least 8-12 characters long.
  • Try starting with a sentence and using just the first letters, adding some numbers, different cases, and symbols as well.
    • “I am happy to be HIPAA compliant” becomes “Ia:)2BHc”
  • Choose completely random words and separate them with symbols.
    • See the xkcd comic above.
    • Think of a favorite painting or photo and pick random items from there – picture Van Gogh’s Starry Night and maybe your password is “swirL*-Steeple-*Mountain”
  • Change your passwords regularly.
  • Avoid using a password again for a year.
  • Use a password manager – create a super strong password to keep it secure, and then you just need to remember that one password.
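An added example, not part of the original post, of the “random words separated by symbols” approach: each word and separator is drawn with a cryptographic random source, and the helper reports how many bits of guessing resistance such a phrase has. The word list and separator set here are constructed for the demo; a real generator should use a large published word list.

```python
import math
import secrets

# Constructed word list for the demo. A real generator should draw from a
# large published list (thousands of words) so each word adds more entropy.
WORDS = ["swirl", "steeple", "mountain", "nacho", "planet", "cypress",
         "village", "lantern", "canvas", "meadow", "harbor", "comet"]
SEPARATORS = "*-_!.:"          # assumed symbol set placed between words


def passphrase(n_words=4, words=WORDS, separators=SEPARATORS):
    """Pick n_words uniformly at random (with replacement) and join them
    with a random symbol between each pair, e.g. swirl*steeple-mountain!comet."""
    if n_words < 1:
        raise ValueError("need at least one word")
    chosen = [secrets.choice(words) for _ in range(n_words)]   # CSPRNG, not random.choice
    out = chosen[0]
    for word in chosen[1:]:
        out += secrets.choice(separators) + word
    return out


def entropy_bits(n_words, word_count, separator_count=1):
    """Guessing resistance in bits when every word and every separator is
    chosen uniformly: n*log2(words) + (n-1)*log2(separators).
    Four words from a 7776-word list give about 51.7 bits, matching the
    xkcd comparison; that holds only if the words are truly random,
    not picked by hand from a favorite painting."""
    return (n_words * math.log2(word_count)
            + (n_words - 1) * math.log2(separator_count))


def words_in(phrase, separators=SEPARATORS):
    """Split a generated phrase back into its words (used to check output)."""
    for sep in separators:
        phrase = phrase.replace(sep, " ")
    return phrase.split()


if __name__ == "__main__":
    print(passphrase(4), "~%.1f bits" % entropy_bits(4, len(WORDS), len(SEPARATORS)))
```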