Passwords are part of everyday life for all of us – both personal and business. To keep our information secure, we are being asked to create longer and more complex passwords everywhere, but what are the good password practices that you should use?
I wondered if I had previously written something about passwords, and I did: “Password Security – make your passwords secure with these tips”, back in 2021.
I think it’s now time for a 2023 update…
Characteristics of a Good Password:
The strength of a password is determined by its length, complexity, unpredictability, and variation. Let’s explore each of these options in detail.
Length
The longer, the better! 😏
Passwords with more characters are harder to guess or crack using brute force attacks*.
The standard requirement for most passwords is a minimum length of 8 characters.
However, it’s recommended to use passwords that are 12 characters or longer.
Next time you have to create a password, stop and read the notes – you’ll see 8-12 characters on a lot of websites.
Longer passwords offer better protection against cyber-attacks, because they are harder to crack.
One option is to use three (or more) words as your password, or even make a phrase into your password (also known as a passphrase).
I do know of one company that requires a password of 21 characters – although they do use other biometrics (fingerprints, facial recognition etc) for daily logging in. 😏
*A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks. The hacker tries multiple usernames and passwords, often using a computer to test a wide range of combinations, until they find the correct login information. From https://www.fortinet.com/resources/cyberglossary/brute-force-attack
Complexity
A complex password is one that contains a mix of uppercase and lowercase letters, numbers, and special characters/symbols.
For example, a strong password could be “P@$$w0rd”.
The use of special characters, numbers, and mixed cases increases the complexity of the password, making it harder to guess or crack.
Avoid using simple dictionary words or common phrases as they are easy to guess or predict.

Tip
Don’t put the capital at the beginning of the word.
Unpredictability
A good password is unpredictable. Avoid using information that is easy to guess or can be found online.
For example, using your name, date of birth, or pet’s name as a password is not a good idea.
Instead, use random combinations of letters, numbers, and symbols that have no connection to you or your personal information.
Of course it does need to be something that you will remember and be able to type in!
Variation
Using the same password for multiple accounts is not a good practice – actually it’s really bad.
And this includes the same password and just changing the number at the end! 😠
If one of your accounts gets hacked, the attacker can use the same password to access other accounts.
Instead use a unique password for each account.
A password manager can help you keep track of multiple passwords.
Note: Password managers are the next blog post topic 😁
Common Password Mistakes
Here are some common password mistakes to avoid:
Using easily guessable information: Avoid using information that can be easily guessed or found online, such as your name, date of birth, pet’s name or favourite items (holidays, brands, etc.); in fact, anything that could be found on your social media.
Repeating the same password: Using the same password for multiple accounts is risky. If one account gets hacked, the attacker can use the same password to access other accounts.
Using personal information: Avoid using personal information, such as your family names, phone number, or address, as a password. This information can be easily found online and can be used to guess your password.
Writing down passwords: Writing down passwords on a piece of paper or saving them in a document on your computer or phone (without a password) is a bad idea. If someone gains access to the paper or computer, they can easily access your accounts.
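As an added illustration (not part of the original post), here is a small Python script that checks a list of your own passwords for the problems described above: fewer than 12 characters, personal information, exact reuse, and the “same password with a different number at the end” pattern. The account names, passwords and personal terms are constructed sample data, and the function names are made up for this example.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # the post's recommended minimum length

# Constructed sample data for illustration only; not real credentials.
SAMPLE_VAULT = {
    "email": "Bella2015",
    "bank": "Tango-Harbour-7-Lantern",
    "shop": "river!Stone42",
    "forum": "river!Stone43",
    "news": "Bella2015",
}
SAMPLE_PERSONAL = ["bella", "2015"]  # e.g. a pet's name and a birth year


def normalise(password):
    """Lower-case and drop trailing digits/symbols, so that
    'Summer2022!' and 'summer2023' both reduce to 'summer'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def audit(vault, personal_terms):
    """Return {account: [findings]} for a dict of account -> password.
    Runs locally; nothing is sent anywhere."""
    by_exact, by_base = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        by_exact[pw].append(account)
        by_base[normalise(pw)].append(account)

    findings = defaultdict(list)
    for account, pw in vault.items():
        if len(pw) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        hits = [t for t in personal_terms if t.lower() in pw.lower()]
        if hits:
            findings[account].append("contains personal info: " + ", ".join(hits))
        same = [a for a in by_exact[pw] if a != account]
        if same:
            findings[account].append("same password as: " + ", ".join(same))
        base = normalise(pw)
        near = [a for a in by_base[base] if a != account and a not in same]
        if base and near:
            findings[account].append("only the ending differs from: " + ", ".join(near))
    return dict(findings)


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "->", "; ".join(problems))
```

Accounts with no findings (here, "bank") are left out of the result.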
Tips for Creating Good Password Practices
Creating and managing strong passwords can be challenging. Here are some tips to help:
Use a password manager: A password manager is a software tool that helps you create and manage strong passwords. It stores all your passwords in an encrypted database, and you only need to remember one master password to access them.
Use a passphrase: Instead of using a password, you can use a passphrase. A passphrase is a sequence of words that are easy to remember but hard to guess. For example, “mydogisverycute” is a passphrase that is easy to remember and harder to guess than a single word password.
Regularly update your passwords: It’s essential to regularly update your passwords to keep them secure. Experts recommend changing passwords every three to six months.
Avoid reusing old passwords: When updating passwords, avoid reusing old passwords. Use a unique password for each account.
Enable two-factor authentication: Two-factor or multi-factor authentication adds an extra layer of security to your accounts. It requires you to provide two forms of identification to access your account, such as a password and a verification code sent to your phone.
More and more companies are offering additional authentication. If it’s available, then I recommend setting it up. It might be a pain to have to enter more information, but “better safe than sorry”!
A Password for Each Account
(I know that I’ve already said this, but it is really important!)
As I said in a previous post (Let’s Talk Basic Cyber Security Essentials), once these people have a password of yours, they will search for other sites that you have an account with and try the password that they have, in the hopes that you’ve used it, or something similar before.
Solution – have a different password for each account.
This way if one password is revealed, it won’t affect any other account.
Check Passwords Through Your Web-Browser
If you store passwords in your web-browser (and who doesn’t), then you can also take advantage of a built-in option to check your passwords to see if they have been
Google Chrome

Microsoft Edge

Final Thoughts
Using strong passwords is crucial in protecting your personal and business accounts from cyber-attacks.
A good password should be long, complex, unpredictable, and varied, although you do need to be able to remember and type it.
Avoid using easily guessable information, repeating passwords, using personal information, and writing down passwords.
Instead, use a password manager, use a passphrase, enable two-factor authentication, and regularly update your passwords.
By following these tips, you can ensure that your online accounts are well protected.
Next Steps
Take a look at your passwords – yes all of them!
If some of your passwords don’t follow these suggestions, then don’t delay – update your passwords today following these good password practices.
Remember, a good password is the first line of defense in protecting your online identity.
Other Data Security Posts
Let’s talk basic cyber security essentials
How to stay safe from email scams
What are good password practices? (current post)
Do you really need a password manager?
How many email addresses do you need?