How to Choose Strong Passwords: 5 Core Tips

May 5 is the third annual World Password Day. If you care about protecting your accounts, your personal identifying information, and your business, this your official reminder:
Please be more thoughtful about choosing passwords!

Now that we’re well into 2016, we are all privvy to the list of the top 10 worst passwords from 2015. SplashData released this list in a report based on over two million passwords leaked in 2015. It’s great news that people are coming up with longer and, thus, stronger passwords. Still, most passwords are super simple and not at all random.  That’s not a good thing.
Drumroll, please…

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball


When in doubt, your password is probably insufficient to protect you.
You might ask yourself skeptically, “Why would anyone want to attack me?” or “What kind of info from my business would a hacker want?”
Here’s what hackers can do with seemingly small pieces of information, just to name a few examples:
* Take over the account the password belongs to and take action pretending they are you (transactions, interactions)
* Use that account to access your other accounts, which will give them access to your personal information and account activity
* Potentially gain access to those with whom you communicate, as well as systems you interact with

It gets ugly very quickly.

Your personal identifying information, other data and assets are at risk.
Formalize password policies and mobile device management to improve security of your business.
Get help in determining gaps in security and gain control before it’s too late- drop us a line!

Here are 5 core tips to creating better passwords:

1.)  Keep your personal identifying information out of your passwords.
Avoid these: Birthdays, yours or family member names, social, address information… you get the idea.

2.)  Don’t use real words or adjacent keyboard combinations.
You may already know that you shouldn’t be using legible words or combos on the keyboard like “12345” or “qwerty”… but here’s a helpful tip to take you one step further: Choose collections or combinations of things that you actually find easy to remember.  Example: Combine your middle school locker number with the first word in the title of your favorite book. Always change the site-provided default password to something that’s all yours.
Sites often choose passwords for you that totally break the rules we are defining here.

3.)  Make it long and combine types of characters.
We strongly encourage you to create passwords that bring together letters (both upper-case and lower-case), numbers, and symbols to make it harder to crack.
In fact, take it a step further!
Add two-factor authentication to build in a second layer of security to any type of login. This will ask you for extra information or a physical device to log in, in addition to your password.

4.)  Use a different password for sites worthy of securing, and change those often.
Don’t ever use the same password twice.Listen, we know this is incredibly difficult at times. It can be tough to remember passwords, come up with unique ones, and especially annoying to have to change those all the time to new combinations you have to remember. We want to make this as painless as possible for you.We recommend taking all 5 of these tips as strong recommendations for all websites, but we want to be realistic and we’re just trying to make this as painless as possible for you.

It is reasonable to use less intense passwords for sites that don’t collect or hold on to any identifying info about you. Examples: News sites.
Just do not use those simpler passwords for any of your other logins to websites or accounts otherwise.
It is gravely important to protection of you and your business. Social media accounts, mail services, any account requiring payment information or banking and accounting tools, any other account requiring a profile, and so on must be protected at an enterprise-level of seriousness.

5.)  Find a secure method for managing all of these passwords.
Over the years, recommendations about never writing down password lists have evolved. We just need users to know that they should proceed with great caution.

Here’s a secure way to approach this 4th tip that is actually manageable:
Make a list of every site and password-protected component of your life, to start.
Write down part or all, even, of the username used for that account.
Then, use personal clues to come up with “code” names for the passwords. Write those next to the account or site that you need to remember a password for and you will use those to remember how to log in.
Honestly, if you forget your password you can usually reset it so long as you can remember the username or account ID somehow.

There are third-party tools out there to help you through.
They safeguard sensitive passwords with measures including encryption. There are two types: Those that store the information in the cloud and local storage programs for your computer. Both would allow you to manage all this stuff with a master password. They can even often facilitate auto-fill for ease of access.
That said, always proceed with caution. Ask for advice !

UPDATE: We wrote a blog post more recently to walk you through step #5.

Check it out!


Get in touch with us to learn how we can help you enforce password policies and other cybersecurity best practices within your organization:

Oops! We could not locate your form.