Tips for password security

Password Security with a Strategy

Your password strategy is critical to your security. Here are some ideas to improve the security of the passwords you use:

  • Every website password should be unique
  • Pick a base password that is at least eight (8) characters long (some websites don't allow 10 character passwords)
  • Use both upper and lower case letters and at least one number
  • Symbols and punctuation can be good as well, but some websites don't allow non-alphanumeric entries in a password
  • Bill.com allows longer passwords because your security is important to us
  • Banks and other highly secure sites often require passwords that are at least 10 characters long
  • Make sure the password means something to you, but does not contain personal information

Examples of a Strong Password

An example of a good base password choice would be 2McitK, when it comes from the meaningful phrase "Too Many Cooks In The Kitchen"

  • You can then create unique iterations for each website login
  • When you take two or more characters from the domain name, the password to your Bill.com account could become 2McitK+Bl, 2McitK+BilL, or 2McitK&bll
  • When you change the password, you can decide to increment from that base again
  • McitK+Bl could become 3McitK+Bl or 2McitK+Bl2

Unqiue Password bases

Have a different base password for different types of use

  • Personal, business, and financial passwords should be unique from the base password, so that even if someone manages to crack the code, they will be limited in the scope of access they have

Keep your passwords secure

  • Don't ever type your password into someone else's computer
    • They could knowingly or unknowingly have a keylogger installed, even from an SSL website
  • Don't share your passwords with anyone, even loved ones
  • If you're using public internet access be very careful that you only type your password into sites that use SSL
  • If you see any SSL warnings, immediately disconnect and stop using the connection, as this means someone could be "sniffing" your passwords or otherwise trying to cause harm

Things to know

  • One final note: Please don't use the examples we've provided. Since they are available on this webpage, they are not secure.