Nine Tips for Creating and Using Good Passwords

By Linda Harvey, RDH, MS

We have become so comfortable with using passwords that we sometimes cut corners when creating or using them. But it is important to remember that, when we use passwords and User IDs to log into computers or websites, we must use the same care in safeguarding our patients’ privacy as we use in caring for the patients themselves.

By using secure, “unhackable” passwords, we protect ourselves and our practice from security breaches—and the resultant HIPAA or HITECH fines.

  1. Don’t use your telephone number, social security number or date of birth.
  2. Don’t use a word found in the dictionary, even if it is only part of the password. Hackers have special programs for breaking such passwords. Instead, use the first letters of each word of a phrase: adhfl, for instance, which is the first letter of each word of the phrase “all dogs have four legs”. Or use the title of your favorite song.
  3. Use a mix of upper-case and lower-case letters: adHfL
  4. Include numbers, but don’t repeat a number or use numbers in sequence (12334578 is never acceptable!): adH2f9L7
  5. If the site will allow it, intermix special characters: $adH>2f9L7
  6. Don’t use the same password for different sites. If a hacker can figure out your password for one site, he has it for all the sites where you’ve used that password.
  7. Store passwords in a secure place away from the computer.
  8. Change your password frequently, and avoid re-using passwords.
  9. Never send a password—or any other private information—in an email. Email is not secure.
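
Tips 1 through 5 can be checked automatically. The following is an added example, not part of the original article: a short Python checker that runs the article's own password through each stage of its construction. The function names, the sample word list, the sample phone number used to test it, and the reading of "numbers in sequence" as neighbouring digits that differ by one are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dental", "tooth", "smile", "welcome", "dogs", "legs"}

def only_digits(text):
    return "".join(c for c in text if c in string.digits)

def check_password(pw, words=SAMPLE_WORDS, personal=()):
    """Return the set of tip numbers (1-5) that the password fails."""
    failed = set()
    digits = [int(c) for c in only_digits(pw)]

    # Tip 1: no phone number, SSN or date of birth. `personal` holds those
    # values; they are compared digits-only so "555-010-1234" matches too.
    if any(only_digits(p) and only_digits(p) in only_digits(pw) for p in personal):
        failed.add(1)
    # Tip 2: no dictionary word, even as part of the password.
    if any(w in pw.lower() for w in words):
        failed.add(2)
    # Tip 3: mix of upper-case and lower-case letters.
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failed.add(3)
    # Tip 4: has digits, none repeated, and no run such as 1-2 or 8-7
    # (assumed reading: digits taken in order of appearance).
    in_sequence = any(abs(a - b) == 1 for a, b in zip(digits, digits[1:]))
    if not digits or len(set(digits)) != len(digits) or in_sequence:
        failed.add(4)
    # Tip 5: at least one special character.
    if not any(c in string.punctuation for c in pw):
        failed.add(5)
    return failed

def walk_article_example():
    """Check each stage of the article's own example password."""
    stages = ["adhfl", "adHfL", "adH2f9L7", "$adH>2f9L7"]
    return {pw: sorted(check_password(pw)) for pw in stages}

if __name__ == "__main__":
    for pw, failed in walk_article_example().items():
        print(f"{pw:12} fails tips: {failed or 'none'}")
    print("12334578     fails tips:", sorted(check_password("12334578")))
```

Tips 6 through 9 are about how a password is stored, reused and shared rather than how it is built, so they fall outside what a checker like this can test.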