Strong passwords are an essential component of any cybersecurity program. This guide will walk you through some of the steps you can take to increase password security in your organization.
Jump To:
Expert Tips for Creating Strong Passwords
Implementing strong password policies across your organization helps reduce your risk of suffering a severe data breach. Here's a list of our best tips and tricks for strong passwords.
1. Use a Mix of Characters
The use of symbols and characters in passwords helps make them more complex, which reduces the chances of a cybercriminal gaining access to the account through a brute force attack. Strong password policies should require users to include at least one number and special character as well as a mix of uppercase and lowercase letters.
For example, instead of simply setting “mantaray49” as your password, you could add complexity by incorporating numbers and symbols — “M@nt@RaYY!4!9”
2. Longer Is Stronger
The shorter and easier to remember a password is, the easier it will be for a cybercriminal to guess. As part of your password policy, require users to create passwords that are 12 characters or longer. Most organizations will set the limit at 30 characters to reduce password resets due to forgetting credentials, though many systems can accommodate even more.
3. Use Different Passwords for Each Account
In one recent survey, 39% of respondents reported using the same password across multiple accounts. So if a hacker were to gain access to one of those accounts, they could easily compromise the rest.
Educate your employees on the risks of password reuse, and ensure they create completely new passwords any time they need to update their logins. Many systems keep track of historical login information so that if a user attempts to recycle a previous password, they will receive a prompt to try again.
4. Educate Users on Best Practices
According to Verizon's Data Breach Investigations Report for 2023, 74% of data breaches across all industries include the human element. So while your organization could implement all the best security tools available, those tools are less effective without a robust culture of security behind them.
Implementing robust security awareness training programs helps ensure all your employees understand the importance of following cybersecurity best practices like setting strong passwords — and when your employees know the reasons why they should be prioritizing security and accountability, you improve your chances of preventing serious damage. A user-friendly security awareness training software solution is an excellent way to deliver that training to employees of all levels.
5. Change Passwords Frequently
Keeping the same password for months on end increases the amount of damage cybercriminals can do, especially if users are recycling their passwords. Strong password creation and management policies require users to update their passwords every three to six months.
Additionally, users should be required to change their passwords any time the system detects abnormal activity. Although you can't go back and undo data breaches that have already happened, you can prevent another from happening immediately after.
6. Use Authenticator Apps and Other Security Tools
Although strong passwords can do a lot in terms of protecting sensitive data, they shouldn't be your organization's last line of defense. Advanced security infrastructure like zero-trust architecture and multi-factor authentication (MFA) add additional layers of security to logins by requiring users to provide additional credentials after entering their username and password.
Phishing-resistant identification factors are unique to each user, which blocks cybercriminals from accessing the account. Some examples include:
- Biometric inputs such as fingerprints or retina scans
- Security questions
- Push notifications on mobile apps
- One-time login links sent via SMS or email
Common Password Mistakes and How to Avoid Them
Creating passwords that can stand up to cyberattacks is more complicated than it appears for many employees. Here are some tips your organization can use for avoiding the most common password pitfalls.
Mistake 1: Relying on Simplicity
Even if the user adds complexity with a string of special characters, using real information increases the chances of cybercriminals guessing their passwords. Here are some of the most important things to avoid when creating strong passwords:
- Real words: Real words are easier to guess than fake words. Essentially, if you can find it in the dictionary, either leave it out of your password or find ways to add complexity with extra characters.
- Personal information: Words referring to personally identifiable information like family members' names, street addresses or hobbies give internal attackers opportunities to guess the password.
- Simple patterns: Although more complex passwords are always best, many people default to passwords that are easy to remember. For example, many people will use some variation of the word “password” or repeating numbers like “123123.”
Instead of letting these mistakes slip through, encourage users to create more random passwords that hackers can't guess by words alone.
Mistake 2: Sharing Passwords With Others
Although sometimes it's necessary for employees to share passwords — such as when a team uses one account for a shared company resource — employees should never share their credentials for their unique profiles. Some of the risks of sharing passwords via email, Slack or other digital communication channels include but are not limited to:
- Data leaks
- Financial theft
- Downtime
- Reputational damage
- Intellectual property theft
If you have to share your password for any reason, you must change it as soon as possible. Even if you think the person you're letting into your account is trustworthy, letting them retain their access may be the invitation they need to steal your information.
Mistake 3: Writing Passwords Down
We all know that writing your passwords down on a sticky note and adhering it to your monitor is a serious security risk — anyone could walk over and steal your password and you'd be none the wiser. But when your passwords are tough to remember, you need some way to store them.
Using a password manager is a great way to keep your passwords safe — and it virtually eliminates the need to remember them. These web-based tools store your passwords for every account you use so you can log in quickly and easily. Many also have randomized password generator features that enable users to create strong passwords without spending any extra time on the process.
Regardless of the solution you use, it's a smart idea to take advantage of enterprise password managers and their benefits. Some examples include:
- LastPass
- Dashlane
- 1Password
- Bitwarden
- NordPass
- Keeper
- Roboform
Learn More About Security Solutions From Phin Security
At Phin Security, we're committed to helping MSPs navigate the wild sea of cybersecurity, one wave at a time. Our automated security awareness training solutions are easy to implement and understand, so you and your users can get moving in just a few minutes.
Our team is here to help you embark on your cybersecurity journey. Contact us today to get started with a free trial.
