Skip to main content

Best Practice for Creating Passwords


You’re ready to begin your eFiling process for the 2017 filing season. You return to Tax1099 for the first time in a year. You stare at a blinking cursor in the password box, sigh, and finally select “Reset Password.” New year, new password. You’ve likely heard these pieces of advice regarding passwords:

  • Create a complicated password. Pack it with special characters, and a mix of numbers and letters.
  • Don’t use a password you use for another account; each password should be unique.
  • Change your password regularly.

These rules lead to passwords so complicated, and so frequently changed, that users have a hard time remembering them. Changing a password again leads to the same issue, and so the cycle continues. Every time a password is changed, it is easier to forget, so users begin to store passwords. Sticky notes and note pads “hidden” under keyboards begin to crop up, which become a security issue.

Passwords following these rules cause even more problems for offices that share logins. The inefficiency caused by frequent password changes would be worthwhile, if the practice made for more secure apps and information. According to the new report from the National Institute of Standards and Technology, this is not the case.

The National Institute of Standards and Technology has updated its guidelines for creatin g and changing passwords. As published in this article from NPR, the new guidelines will overturn the often-recited rules about changing and creating passwords.

In their new list of guidelines (read the full document here), the NIST suggests long, simple passwords. The passwords do not have to be different for every platform, nor do they need to be changed frequently. Why not?

The NIST recognizes, as do hackers, that many people will not completely scrap their old passwords when required to do so by an app or other platform. Most of us will change one or two characters. This defeats the purpose of creating a new password, as the changes are often easy to guess.

So, best practice for creating passwords: make them memorable, but hopefully only to you and/or your team.

Tax1099 successfully completes a SSAE 16 Type II audit each year. We use every precaution in keeping your sensitive data secure. We continually research best practice for security, and adapt our platform to match federal recommendations. For more information, view our FAQ sheet on Security & Insurance.