How to Create Strong Passwords: 7 Best Practices

Learn the 7 essential best practices for creating strong passwords that will keep your sensitive information safe from cybercriminals.

7 Best Practices for Creating Strong Passwords

In today’s digital world, it seems that we have countless online accounts, which translates to countless passwords for these accounts. These passwords are essential, as they protect our sensitive information from unauthorized access by cybercriminals. Due to the sensitivity of the information that our passwords protect, it is essential that we use best practices to create strong, unique passwords across our various accounts – particularly when you consider that, according to Verizon’s Data Breach Report, over 80% of data breaches are caused by stolen credentials.

Here are our 7 most essential tips for creating strong passwords:

 

1) Length: How long should passwords be?

The longer a password is, the more difficult it is to crack. Our experts recommend that your passwords be at least 14 characters long.

 

2) Complexity: What makes a password “complex”?

There are a few ways to make passwords more complex, such as including numbers, special characters, and a mix of upper- and lower-case letters. For example, a word like “password” could be updated to “p@s$w0rD” to increase complexity. (However, we wouldn’t recommend using any variation of “password” as a password… it’s far too common. More on that later.) This chart from Hive Systems does a great job of displaying how long it takes a hacker to crack your password based on how complex it is.

Table displaying how long it takes a hacker to guess a password based on length and complexity.
Table courtesy of Hive Systems

3) Passphrases: What is a passphrase?

Passwords can be difficult to remember, especially when they are as complex as they should be. Passphrases are a helpful way to create long and complex passwords, and they can be easier to remember than random passwords. A passphrase is a short sentence or series of words that is modified to create a password. For example, “my password is complex” could become “MyP@ssw0rdIsCompl3x!” to create a passphrase.

 

4) Personal Information

Avoid using personal information in your passwords, such as your name, date of birth, pet’s name, hometown, etc. These details can be easily found on social media or through other sources, making them easy to guess and dangerous password components.

 

5) Avoid Common Passwords

Avoid using simple passwords like “123456,” “qwerty,” or “password.” These are commonly used, which often makes them a cybercriminal’s first guess when trying to access your accounts. You should also be sure to change passwords on devices or accounts that come with a preset password. Many of these default passwords can be easily found or guessed, making them especially vulnerable.
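The following Python check is an added example, not part of the original article. It applies tips 1, 2, 4 and 5 together and shows why a variation such as “p@s$w0rD” is still treated as a common password once the character swaps are reversed. The function names, the substitution table, the three-entry blocklist and the sample inputs are constructed for illustration, and requiring all four kinds of character is an assumption.

```python
MIN_LENGTH = 14  # minimum length recommended in tip 1

# Constructed sample blocklist (the three examples from tip 5); real lists are far larger.
COMMON_PASSWORDS = {"123456", "qwerty", "password"}

# Reverse the usual character swaps so "p@s$w0rD" is compared as "password".
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "3": "e", "1": "l", "!": "i", "7": "t"})


def normalize(text):
    """Lowercase the text and undo common symbol/digit substitutions."""
    return text.lower().translate(LEET)


NORMALIZED_COMMON = {normalize(p) for p in COMMON_PASSWORDS}


def character_classes(password):
    """Count which of the four kinds of character from tip 2 are present."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(password, personal_info=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < 4:  # assumption: require all four kinds
        problems.append("low complexity")
    plain = normalize(password)
    if plain in NORMALIZED_COMMON:
        problems.append("common password")
    # Personal details count even when disguised with substitutions.
    tokens = [normalize(item) for item in personal_info]
    if any(len(t) >= 3 and t in plain for t in tokens):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the article's own "p@s$w0rD" and a pet name "Rex".
    print(check_password("p@s$w0rD"))
    print(check_password("R3x2015!R3x2015!", personal_info=["Rex"]))
```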

 

6) Unique Passwords: Should you use a different password for each account?

Using the same password across multiple accounts can be incredibly dangerous. If a hacker gains access to one of your accounts, they will quickly be able to access all other accounts that use the same password. Therefore, it is important to use a different password for each account. Having so many different passwords may seem impossible, but this is where password management tools come into play…

 

7) Password Managers

A password manager is a tool that can help generate complex and unique passwords for each of your accounts, while also securely storing them all. In addition to helping you create more complex passwords, password management tools also store them in such a way that users don’t need to remember the individual passwords to each account.


Improving Your Security Posture

Following these best practices will help you create strong and secure passwords to protect your accounts and sensitive information. However, there are additional measures that you can take to further strengthen your security standing. One such measure is multi-factor authentication (MFA), which is an additional layer of security that is highly effective in preventing most data breaches.

While practicing password best practices and implementing other security measures (like MFA) are important on a personal level, it is also essential for these to be implemented on an organizational level. Businesses of all industries and sizes are susceptible to cyber-attacks, and following security best practices – all the way down to password policies – can help protect your company’s data. Interested in learning about how Blackink IT can help your organization build a strong security posture? Contact the cybersecurity experts at Blackink IT today!
