World Password Day: How to create strong and complex passwords
Having strong and complex passwords on all your accounts is a cybersecurity measure that is easy for all your users to accomplish. But as cyber threats have evolved, so have the requirements of a good password. To help you better understand those requirements, SUCCESS has outlined some key guidelines for creating strong passwords and best practices to follow once you have them in place.
1. Create strong passwords for all your accounts
When thinking about what to use as your password, the more complex, the better. While using “P@ssword1!” might have been acceptable ten years ago, a stronger password is necessary to ensure your information remains protected and secure. To do this, your passwords should not contain easily guessed information (like a pet’s name or birthday) and should be composed of:
- At least 15 characters
- A passphrase rather than a password
- Multiple special characters
In the best-case scenario, your password is one that is physically impossible to remember (e.g., cdoknmfqpirjQ.C,/Q$^ELN29*). However, we know that can only be attained if you’re using a password manager (which we do also recommend). So instead, an example of a good, strong password could be something like Dolphin + Neptune + Marble because it’s long (26 characters), uses multiple words rather than just one, and includes several special characters (plus signs and spaces are both considered special characters). And while it fulfills all the requirements of a complex password, it is also relatively easy to remember.
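As an added illustration (not SUCCESS's own code), the Python sketch below checks a password against the three criteria listed above and generates a random multi-word passphrase. The sample word list, the thresholds chosen for "multiple" and "passphrase", and all function names are assumptions made for this example.

```python
import math
import re
import secrets

# Constructed sample list for illustration; a real generator should load a
# list of several thousand words so each word adds meaningful entropy.
SAMPLE_WORDS = ["dolphin", "neptune", "marble", "lantern", "orchid", "glacier",
                "pepper", "violin", "harbor", "saddle", "thunder", "mosaic",
                "walnut", "compass", "ribbon", "meadow"]

MIN_LENGTH = 15      # from the guideline above
MIN_SPECIAL = 2      # assumption: "multiple" means at least two
MIN_WORDS = 2        # assumption: a passphrase has at least two words


def check_guidelines(password):
    """Return a list of guideline failures; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 15 characters")
    # Runs of three or more letters count as words; anything else separates them.
    if len(re.findall(r"[A-Za-z]{3,}", password)) < MIN_WORDS:
        failures.append("not a passphrase")
    # Spaces and plus signs count as special characters, as the article notes.
    if sum(not c.isalnum() for c in password) < MIN_SPECIAL:
        failures.append("fewer than two special characters")
    return failures


def generate_passphrase(words=SAMPLE_WORDS, count=4, separator=" + "):
    """Pick words with the OS CSPRNG (secrets), never the random module."""
    chosen = [secrets.choice(words).capitalize() for _ in range(count)]
    return separator.join(chosen)


def entropy_bits(list_size, count):
    """Entropy of `count` words drawn uniformly from a list of `list_size`."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, check_guidelines(phrase))
    print(f"{entropy_bits(len(SAMPLE_WORDS), 4):.0f} bits from the sample list")
    print(f"{entropy_bits(7776, 4):.1f} bits from a 7776-word list")
```

When words are picked at random, strength comes from the list size and the number of words: four words from the 16-word sample list give only 16 bits, which is why a list of thousands of words matters.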
2. Don’t reuse old or similar passwords across accounts
It may seem easier to use the same password for every account. After all, who wants to have to remember twenty different passwords? However, using a different password for each account is the best way to make sure your other accounts remain uncompromised in the event of a breach.
Additionally, even the strongest passwords should be updated periodically. When you do update a password for an account, make sure to avoid ones already in use or previously used.
3. Enable Multi-Factor Authentication (MFA)
If you’re prompted to turn on multi-factor authentication when logging into an application, website, or device, take the opportunity to do so. MFA provides an additional layer of security to all your accounts by requiring a second form of verification (such as through a text message or authenticator app) in addition to your password.
4. Avoid storing passwords in your browser or on your device
While it may seem more convenient to just save all your passwords in your browser because they auto-populate the next time you go to log in to your accounts, this could make it easier for hackers to gain access if your device is compromised. Instead, use a password manager like Keeper to more securely store your passwords in a single location across all your devices.
5. Log off at the end of your session
When you’re done using a website or application, make sure to log off. This prevents unauthorized access to your accounts if someone physically obtains your device. This may seem obvious, but not everyone does it, so make sure to take that extra step to ensure optimal security for your accounts.
Security for More Than Just Your Passwords
Making sure your organization’s users set strong passwords is just one way of practicing good cybersecurity. If you’re looking to determine how else your organization’s security infrastructure could be improved, the SUCCESS team can help. Contact us today, and we’ll get you started with a complimentary assessment of your network.