Passwords

Essential information on password management

Passwords are the keys that get you entry into so many things, including IronWiFi. As an attack vector, bad actors may try to take advantage of your passwords in order to get vital information about you or your customers. We’ve created a couple of tips on how to create and manage your passwords to protect yourself both on and off the ‘WiFi. Password Minimum Requirements

The minimum password criterium that your IronWiFi password must meet include:

  • 8 to 32 characters
  • At least one number and one letter

Remember, these are minimum requirements. We also encourage users to create longer passwords with both uppercase and lowercase characters, numbers, and special characters. Please keep reading for information on how to make your password more secure.

Create a Secure Password

Do:

  • Passwords should have a minimum of 8 characters: with the full set of allowed printable characters and an 8 character password, there are 645 trillion combinations possible. Source Boston University, “Creating a Strong Password”
  • Use a different password for every site, system, or application.
  • Use a randomly generated password rather than one with a naming convention or algorithm.

Do NOT:

  • Do not include personally identifiable information in your password (i.e. no usernames, phone number, birthdays, addresses, birth places, kid’s/pet’s names, etc).
  • Do not include general words commonly found in the dictionary in your password. For IronWiFi, you still need at least one number in your password.
  • Do not use an “algorithm,” like “sitename123”.
  • Do not write your password down, instead, use a password manager.
  • Do not email, text, tweet, commit, or otherwise share your password.

Don’t put your passwords in your code

  • Use API Keys
  • Create an environment or credentials file that includes your password(s), but that is in your .gitignore file.
  • Put your environment file out of the discoverable file structure - your code can get it, but your web server won’t serve it.

Never share your password

Never share your password. Not ever.

No IronWiFi representative will ever ask for your password.

  • Your password is YOUR password, not your assistant’s, developer’s, or anyone else’s.
  • With IronWiFi you can allow other users to access your account with their own password.
  • For your applications that send through IronWiFi, give each of them their own API Key.

Remembering all your passwords is hard

Especially, if you’re following the rules above. So, don’t remember them! Luckily, technology has come to the rescue with password managers. Password managers are applications that run locally, integrate with your browser, and store your passwords so you don’t have to. Wikipedia provides a list of password managers.