7 Do’s and Don’ts for Creating Strong Passwords


It’s important to keep your accounts and information safe from cyber attacks and maintain healthy cybersecurity compliance, whether personal or for business. The first line of defense is strong, long and complex passwords.

Hackers use password-cracking tools to break into accounts, and their most common method is brute force: trying thousands of username and password combinations until one works. You must take the necessary precautions to protect against hackers; once they access your personal, business or financial information, they can commit identity fraud, sell your data to other cyber criminals, empty your bank account and more.


1. Don’t Reuse Passwords

You shouldn’t reuse passwords for multiple accounts, especially for business and personal accounts. If hackers access one password, they potentially gain access to all accounts with that same password. Even though 84% of the world reuses passwords, you should instead create a different password for each account.

We know it’s hard to come up with a new password for each account (the average person has 100 passwords) and password fatigue is an exhausting reality, but it’ll save you in the long run. When hackers attempt credential stuffing, which is using credentials stolen from one site to log in to other accounts, unique passwords stop them cold.

2. Don’t Keep Your Passwords the Same Forever

Keeping your passwords the same increases your chances that someone will guess them eventually. You should change them regularly but not to the point where you will forget them. We recommend you change them every three months. However, if you are a cyber attack or hack victim, you should change your password immediately. When you do change it, don’t change only one character, like a “2” to a “3.”

3. Don’t Use Common Passwords

Did you know that “password” and “123456” are the most common passwords, followed by “111111” or “abc123”? These obvious and simple passwords offer no protection and should be avoided. Also, don’t use passwords from memorable keyboard paths, like “qwerty” or “asdfgh.”

Instead, create a password that no one will guess. Your password should be longer than one word followed by a number or exclamation point – it should be a passphrase with multiple words that is long but easy to remember for you. Your password should also contain a mixture of complex characters, including numbers, special symbols (!, @, #, $, %, &) and both uppercase and lowercase letters.

4. Don’t Use Correctly Spelled Words

When creating your password, don’t use words found in the dictionary. Hackers’ tools try thousands of common words when guessing passwords, so misspelled words are harder to crack. You can also substitute numbers or symbols for letters for extra protection. For example, “eggs” could be “3ggz” or “short” could be “$h0rt.”

5. Don’t Have a Short Password

Speaking of characters, avoid short passwords, as they are easy to guess. Length matters more than complexity. We recommend 19 characters to thwart hackers. You can test your password with online testing tools, such as passwordmonster.com.

6. Don’t Use PII

Avoid creating passwords riddled with personally identifiable information (PII) that can be easily found online. This includes:

  • Your name, nickname or initials
  • Your birthday or anniversary
  • Your Social Security Number, phone number or license plate
  • Your hobbies or car information
  • Your pet’s, spouse’s or child’s name

Your password should have random words. Some like using their favorite line from a book or movie as their password; others just string together random words, like a color, toy and shoe.
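Rules 3 to 6 above can be turned into a simple checker. The following is an added example, not Thriveon’s code or any tool the post names; the common-password set, word list and user profile are constructed stand-ins (a real deployment would load a breached-password list and a full dictionary), and the entropy figure is a rough length-times-charset bound that illustrates why length beats complexity, not a cracker’s actual cost.

```python
import math
import secrets
import string

# Constructed stand-ins for the real lists a checker would load.
COMMON_PASSWORDS = {"password", "123456", "111111", "abc123", "qwerty", "asdfgh"}
WORDS = ("password", "eggs", "short", "violet", "kite", "sandal", "trumpet",
         "horse", "battery", "staple")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 19  # the article's recommended minimum


def contains_keyboard_walk(pw, min_run=4):
    """True if pw contains a run of min_run adjacent keys (e.g. 'qwer', '4321')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            seg = row[i:i + min_run]
            if seg in low or seg[::-1] in low:
                return True
    return False


def entropy_bits(pw):
    """Rough upper bound on guessing entropy: length * log2(size of charset used).
    A 19-letter lowercase phrase scores higher than a short 'complex' password."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw, pii=(), dictionary=WORDS):
    """Return the list of rules (3 to 6) the password breaks; [] means it passes."""
    problems = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("is a common password")
    if contains_keyboard_walk(pw):
        problems.append("contains a keyboard path")
    # Rule 4: one dictionary word padded with digits/symbols is still one word.
    letters_only = "".join(c for c in low if c.isalpha())
    if letters_only in dictionary:
        problems.append(f"is the dictionary word '{letters_only}' plus padding")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Rule 6: anything from the user's profile (name, birthday, pet, plate) is out.
    for item in pii:
        item_l = str(item).lower()
        if len(item_l) >= 3 and item_l in low:
            problems.append(f"contains personal info '{item}'")
    return problems


def generate_passphrase(words=WORDS, count=4, sep="-"):
    """Rule 6 done right: random words strung together, drawn with the secrets
    module (a CSPRNG) rather than random, so the phrase is unpredictable."""
    return sep.join(secrets.choice(words).capitalize() for _ in range(count))


if __name__ == "__main__":
    profile = ("Alice", "Fluffy", "1990")  # constructed user profile
    for candidate in ("123456", "P@ssw0rd1!", "Fluffy1990!", "Violet-Kite-Sandal-Trumpet"):
        print(f"{candidate!r}: {entropy_bits(candidate):.1f} bits, "
              f"problems: {check_password(candidate, pii=profile) or 'none'}")
    print("suggested:", generate_passphrase())
```

The entropy bound is deliberately crude: it credits a password only for the character classes it uses and its length, which is enough to show that a 19-character lowercase passphrase (about 89 bits) outscores a 10-character “complex” password (about 66 bits). The dictionary rule flags a password that is one word plus padding, so a multi-word passphrase passes it.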

7. Don’t Write Down Your Passwords or Share Them

This might sound obvious, but you’d be surprised. If you write down your passwords or share them, then someone can easily find them and access your account.

Use a password manager, an encrypted software tool to help create strong, random passwords and store them for your various accounts. Password managers automatically log you in when you go to a site, which can protect against phishing attempts; if you’re taken to a website that doesn’t automatically fill in your information, odds are, you’re at a phishing site.

Examples of password managers include:

How Thriveon Can Help

At Thriveon, we understand the importance of keeping your data safe. That’s why our services are about protecting your business and empowering your people while maintaining cybersecurity compliance.

Schedule a meeting to learn more today.
