12 Password Best Practices

The importance of strong passwords

Following password best practices is an important first line of defense!

Having a strong password is the first line of defense against cybercriminals gaining access to your personal information and accounts. Weak passwords leave all your devices open to attack, which can lead to identity theft and loss of privacy.

6 password “don’ts”

Six things to avoid as a best practice when creating passwords.

  • Don’t use the same password for multiple accounts. If you do that, a phisher only has to crack one of your passwords to gain access to all of your accounts.
  • Don’t use any personal information in your password, like your name or birthday. Use a phrase instead (but don’t use the example below).
  • Avoid using a password that is too short (or an easy-to-guess combination, like “iloveyou” or “12345”).
  • You shouldn’t write passwords on sticky notes, under keyboards, or near computers and phones.
  • Don’t use a simple dictionary word, such as “monkey”. Attackers try dictionary words first. Security experts call this an offline attack because they’re brute-forcing their way into your account by trying all dictionary words before moving on to other strategies.
  • Don’t share your passwords with anyone else who doesn’t need it — even if they are family members or employees!

6 password best practices to start implementing today

Six things you should do for password best practices.

  • Use a password manager, such as LastPass or 1Password. These apps can store, encrypt and manage your passwords to make it easy for you to use different longer and more complex passwords on all your accounts.
  • Where possible, use 2-factor authentication (also known as multi-factor authentication). Many websites allow you to add an extra layer of security by adding a second step to logging in using something else you have access to such as your phone. For example, after entering your username and password the website will send a verification code to your phone that you’ll need to enter before accessing your account.
  • Use longer passwords – 8 characters is no longer enough. Experts recommend 12+ character passwords made up of combinations of upper and lower case letters, numbers and symbols where allowed – which they acknowledge is difficult if not impossible for many people to remember making a good password manager essential!
  • Use complex passwords – this means avoiding common words such as “password” or “123456”, or personal information like birthdays or other dates significant dates including anniversaries etc., names of family members or pets etc.. In fact don’t include any dictionary words at all but rather use phrases made up of random words instead e.g., popular phrase: “i love whales”. Stronger password: Iwhale8lov3oceans!
  • Use different passwords for different websites/accounts. If one website gets hacked and your login details are stolen, there is no need for the hacker(s) be able to access any other accounts you have online (if they do get hacked too). Obviously, with such complexity it becomes difficult for most people to remember unique strong passwords. That’s why it’s important to use a good password manager – see above!
  • Create memorable passphrases that are easy for YOU to remember however difficult for others (or even computers) to guess.

Good password practices are your first line of defense against unauthorized access.

A strong password is your first line of defense against unauthorized access to your accounts. Following the password best practices found in this article, you can help prevent:

  • Data loss
  • Identity theft
  • Loss of money

When you create a secure password that features a combination of letters, numbers, and symbols, you’re lowering the odds of someone gaining access to your account. This helps whether it’s a hacker or an unauthorized individual.

Last Updated: May 15th, 2023Categories: Cybersecurity Tips, Tech Tips
Go to Top