Truework adheres to password selection best practices, as defined by the National Institute of Standards and Technology. Some of these best practices make our lives easier, such as not needing to rotate passwords on a regular basis. But others can be quite frustrating. This article aims to clarify Truework's password criteria, as well as actions you can take to protect your account.
Password Criteria
The most up-to-date password criteria can always be found on Truework's signup page. As of the time of writing, your password must meet the following requirements:
- at least 8 characters long
- not entirely numeric
- not similar to your name or username
- not previously seen in a password breach
The first three criteria are fairly self-explanatory. Passwords need to be at least 8 characters long, can't be all numbers, and can't be similar to your name or your email address. But the last criterion can be frustrating.
Preventing Breached Passwords
Truework uses a service provided by HaveIBeenPwned.com to securely check whether or not your password has previously been leaked by other websites. Please note that we never share your password with this service. Have I Been Pwned is a service that scours the internet for data breaches and provides information about those breaches to help users secure their own accounts.
We restrict you from using previously breached passwords because, once a password has been breached, it can often be easy to associate that password back to you and then use it to try to log in to your accounts across the internet. In order to protect your account and the data you entrust Truework with, we reject these passwords outright and require passwords that have never been seen in a password breach before.
If you're frequently being met with an error relating to a previously breached password, Truework recommends the use of a password manager to automatically generate a strong, unique password for Truework.
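The following is an added example, not Truework's code, showing how the four criteria above can be checked while only a short hash prefix ever leaves the caller, which is how Have I Been Pwned's password range lookup works. The page does not say which Have I Been Pwned interface Truework uses; the offline `sample_range_lookup` stand-in, the constructed breach list, and the 0.7 similarity threshold are all assumptions made for illustration.

```python
import hashlib
import re
from difflib import SequenceMatcher

# Constructed stand-in for a breach corpus; a real service holds this, not the caller.
BREACHED_SAMPLE = ["password123", "qwertyuiop", "letmein2020"]

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

def sample_range_lookup(prefix):
    """Hypothetical offline service: receives a 5-character hash prefix and
    returns 'SUFFIX:COUNT' lines for every known hash with that prefix."""
    hashes = (sha1_hex(p) for p in BREACHED_SAMPLE)
    return "\n".join(f"{h[5:]}:1" for h in hashes if h.startswith(prefix))

def is_breached(password, lookup=sample_range_lookup):
    """Only the first 5 hex characters of the hash are passed to lookup();
    the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix and count.strip().isdigit() and int(count) > 0:
            return True
    return False

def too_similar(password, attributes, threshold=0.7):
    """Assumed similarity rule: compare against each attribute and its parts."""
    pw = password.lower()
    for attr in attributes:
        for part in [attr.lower(), *re.split(r"\W+", attr.lower())]:
            if part and SequenceMatcher(None, pw, part).ratio() >= threshold:
                return True
    return False

def check_password(password, name, username, lookup=sample_range_lookup):
    """Return the list of criteria the password fails (empty means accepted)."""
    failures = []
    if len(password) < 8:
        failures.append("too_short")
    if password.isdigit():
        failures.append("entirely_numeric")
    if too_similar(password, [name, username]):
        failures.append("similar_to_user")
    if is_breached(password, lookup):
        failures.append("breached")
    return failures
```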
Password Managers
Password managers are strongly recommended by security professionals. Not only do they make it easier to create strong passwords for websites, but they also make it easier to manage those passwords across all your websites, and they make it harder to phish users. Instead of having to remember different passwords with different requirements for every website, you can just remember your password manager password and let your password manager do the rest of the remembering for you.
There are many password managers for all platforms. Before seeking one out yourself, make sure you ask your IT department or Security department for recommendations. They probably already have password managers for you to use! But if they don't, you can continue reading for some possible options to consider. Note that the password managers outlined below are not endorsed by Truework and have no relationship with Truework -- they are just well-regarded password managers.
Browser Built-in Password Managers
Most browsers have built-in password managers these days. For example:
- Use Password Generator to Create More Secure Passwords in Microsoft Edge
- Generate a password in Google Chrome
- Tips for creating secure passwords on Mac
- How to generate a secure password in Firefox
Your IT department may have some or all of these options disabled. If they do, they may have a recommended third-party password manager to use. Be sure to consult with them before making changes to your computer's settings.
Third-Party Password Managers
There are many popular third-party password managers, each with their own benefits and drawbacks. We can't list them all here, but some popular examples include:
Again, Truework does not have a relationship with any of these password managers. They are provided here for illustration and reference of well-regarded password managers.