Best Practices in Password Security to Share With Your Employees
It might sound like the same old story, but trust me when I say it's not. We see it every day. Employees' passwords are still getting guessed by attackers. Clients send us their passwords through email in plain text almost every other day. And when I say the passwords are weak, I am saying the passwords are WEAK. So as a baseline, assume you have employees who reuse passwords from their personal accounts and pick weak, easy-to-guess passwords. Passwords are the most common defense against unauthorized access to computers and systems, but they are often ineffective because of poor user habits. Let's look at some best practices, strategies, and dos and don'ts.
What can be done to make passwords as effective as possible?
Your best option is to use a password manager. For more information on that, read our blog: https://cloud-cover.me/hollis-blog/10-cybersecurity-tips-business-to-implement
Include a mix of upper and lowercase letters, numbers, and special characters, such as $ ! & %. Length matters more than character variety, though: a long password or passphrase beats a short one that happens to contain every symbol class.
Use a passphrase instead of a password. An example of the style is ATreehas86GR8AppleZ! (don't use this exact one; any example printed in an article ends up in attackers' word lists).
Use a different password for every account. Personal and work accounts in particular should never share a password.
Use multifactor authentication (MFA) wherever possible. Factor one is something you know, such as your password. Additional factors are something you have, such as a code from an authenticator app on your phone or a hardware security key, or something you are, such as your fingerprint or Face ID. A code sent by text message also counts, but it is the weakest option because SMS can be intercepted or redirected, so prefer an app or a hardware key when the service offers one.
Here are some things that you shouldn't do:
Don't use personal information as part of your password; it is too easy to find on the internet.
Don't store your passwords in Chrome or another browser's built-in password manager. These do encrypt the stored passwords, but the key is tied to your operating system login and your Google (or other vendor) account, and the passwords are decrypted automatically with no separate master password in the way. Anyone who sits down at your unlocked machine, any malware running under your account, or anyone who gets into your Google account can view or export the whole list. A dedicated password manager with its own master password and MFA is the safer choice.
Don't keep your passwords written down on a piece of paper or in a notebook near your computer.
Don't use the same password for multiple accounts, and don't use minor variations of one password either (Summer2023! and Summer2024! are the same password to an attacker).
Do not email or text your passwords to anyone. You shouldn't be sharing them with anyone anyway; if a credential genuinely has to be shared, use your password manager's sharing feature instead.
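A small checker that applies the don'ts above mechanically, written for this page as an added example rather than code from Cloud Cover or any product: it flags a password that is too short, contains personal details, is a minor variation of a previous password, or appears in a breach corpus. The personal tokens, the earlier password, and the miniature breach corpus are constructed sample data. The breach lookup mimics the k-anonymity range query used by Have I Been Pwned (only the first five hex characters of the SHA-1 hash would leave the device), here served from an in-memory table so the example runs offline. It also covers the FAQ answer below on reusing passwords.

```python
import hashlib
import re
import unicodedata

MIN_LENGTH = 15   # matches the 15-16 character floor given in the FAQ

# Constructed sample data: in practice the personal tokens come from the user's HR record
# (name, employer, birth year, pet) and the previous password from the directory's history.
PERSONAL_TOKENS = ["hollis", "cloudcover", "1984", "rover"]

# Constructed miniature breach corpus, stored the way a k-anonymity range service serves it:
# SHA-1 hex digest split into a 5-character prefix (the only part a client would send) and
# the 35-character suffix, with the number of times the password was seen in breaches.
BREACHED_SAMPLE = {"password": 3_000_000, "123456": 5_000_000, "Summer2023!": 1_200, "P@ssw0rd": 50_000}
RANGE_DB: dict[str, dict[str, int]] = {}
for _plain, _count in BREACHED_SAMPLE.items():
    _digest = hashlib.sha1(_plain.encode("utf-8")).hexdigest().upper()
    RANGE_DB.setdefault(_digest[:5], {})[_digest[5:]] = _count

# Common leetspeak substitutions, undone so P@ssw0rd and password compare equal.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Reduce a password to its letter core: case-fold, strip the digits and symbols people
    bolt on at either end, undo leetspeak, and drop any non-letters that remain.
    Summer2023! and summer2024# both become 'summer', so the 'same variation' trick is caught."""
    core = unicodedata.normalize("NFKC", pw).casefold()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    core = core.translate(LEET)
    return re.sub(r"[^a-z]", "", core)


def breach_count(pw: str) -> int:
    """k-anonymity lookup: hash locally, send only the 5-hex-char prefix, match the suffix at home."""
    digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    candidates = RANGE_DB.get(prefix, {})   # a real client would fetch this range over HTTPS
    return candidates.get(suffix, 0)


def check_password(pw: str, previous=(), personal=PERSONAL_TOKENS) -> list[str]:
    """Return the policy findings for `pw`; an empty list means it passed every check here."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    folded = pw.casefold()
    core = normalize(pw)
    if any(t.casefold() in folded or t.casefold() in core for t in personal):
        findings.append("personal_info")
    # Compare letter cores so Summer2024! is recognised as a rehash of Summer2023!.
    if core and core in {normalize(p) for p in previous}:
        findings.append("reuse_or_variation")
    if breach_count(pw) > 0:
        findings.append("breached")
    return findings


if __name__ == "__main__":
    for candidate, history in [("Summer2024!", ["Summer2023!"]), ("P@ssw0rd", []),
                               ("Rover1984!!", []), ("garnet-lantern-dolphin-kettle", [])]:
        print(f"{candidate!r:35} -> {check_password(candidate, previous=history) or 'ok'}")
```

The normalisation is deliberately crude: it only needs to collapse the year-bump and symbol-swap habits the don'ts list warns about, and a real deployment would pair it with a large breach corpus rather than the four entries constructed here.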
If you think this is all old news, that everyone knows these best practices, and that none of your employees are putting your business at risk through bad password habits, think again. According to Security Magazine, 3 in 4 people are at risk of being hacked due to poor password practices.
If you are concerned that your or your employees' credentials could be at risk, we can run a dark web scan report for you. The report shows whether you or anyone using a company email address has had their email or passwords exposed in a breach. It takes us about 10 minutes to run, and we send you the results. To find out more, check out our page: cloud-cover.me/free-dark-web-scan-offer
Please share these best practices and Dos and Don'ts with your team. It could mean the difference between your organization's data security and a breach.
Frequently Asked Questions: Password Security
What makes a password “strong” and secure?
A strong password or passphrase is long, unique, and hard to predict. Ideally it is at least 15–16 characters, or better still a passphrase made of several unrelated, randomly chosen words. Avoid single dictionary words, personal information (birthdays, pet names), and common patterns such as a word followed by a year. Mixing uppercase and lowercase letters, numbers, and special characters helps, but length adds far more strength than character variety does.
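To put numbers on "long beats complex", here is an added example (not code from the original article) that generates a passphrase with Python's `secrets` module and compares the entropy of randomly chosen words against a randomly chosen character password. It illustrates the passphrase advice in the dos list above as well as this answer. The sixteen-word list is a constructed stand-in, the 7,776-word figure is the size of the EFF long diceware list, and the 10^10 guesses-per-second rate is an assumed offline cracking speed against a fast hash. The entropy figures only hold for words chosen at random: a human-built phrase like ATreehas86GR8AppleZ! is dictionary words plus common substitutions, which cracking tools enumerate as rules, so its effective strength is far below what its length suggests.

```python
import math
import secrets

# Constructed miniature word list for the demo. A real generator uses a large list such as
# the EFF long list (7,776 words); only the list size enters the entropy calculation.
WORDLIST = ["apple", "basket", "copper", "dolphin", "ember", "falcon", "garnet", "harbor",
            "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper"]
EFF_LONG_LIST_SIZE = 7776   # assumption: size of the EFF long diceware list
PRINTABLE_ASCII = 94        # symbols a "complex" random password is drawn from
GUESSES_PER_SECOND = 1e10   # assumed offline cracking rate against a fast, unsalted hash


def passphrase_entropy_bits(words: int, list_size: int) -> float:
    """Entropy of `words` words picked uniformly and independently from `list_size` words."""
    return words * math.log2(list_size)


def random_password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters picked uniformly from an alphabet of `alphabet_size`."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(entropy_bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Average time to hit the secret by exhaustive search: half the keyspace at `rate` guesses/s."""
    return 2 ** entropy_bits / 2 / rate


def generate_passphrase(words: int = 6, wordlist=None, separator: str = "-") -> str:
    """Pick words with the CSPRNG in `secrets`; the `random` module is not suitable for secrets."""
    wordlist = WORDLIST if wordlist is None else wordlist
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def strength_table() -> dict:
    """Entropy (bits, rounded) and average crack time (years) for a few password shapes."""
    shapes = {
        "8 random printable characters": random_password_entropy_bits(8, PRINTABLE_ASCII),
        "16 random printable characters": random_password_entropy_bits(16, PRINTABLE_ASCII),
        "4 random words (7776-word list)": passphrase_entropy_bits(4, EFF_LONG_LIST_SIZE),
        "6 random words (7776-word list)": passphrase_entropy_bits(6, EFF_LONG_LIST_SIZE),
        "6 words from this demo's 16-word list": passphrase_entropy_bits(6, len(WORDLIST)),
    }
    year = 365.25 * 24 * 3600
    return {name: (round(bits, 1), expected_crack_seconds(bits) / year)
            for name, bits in shapes.items()}


if __name__ == "__main__":
    print("Example passphrase:", generate_passphrase())
    for name, (bits, years) in strength_table().items():
        print(f"{name:40s} {bits:6.1f} bits  ~{years:.3g} years")
```

Four random words from a 7,776-word list land at about 51.7 bits, roughly the same as 8 fully random printable characters (52.4 bits), and six words reach 77.5 bits; the passphrase is the one a person can actually remember and type. The last row shows why the list size matters: six words from the demo's 16-word list give only 24 bits.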
Should I use the same password for multiple accounts?
No. Reusing passwords across accounts is risky: if one account is compromised, the attacker will try the same email and password against every other popular service (credential stuffing), so a single leak puts all the other accounts at risk. It is far safer to use a unique password for each account, especially important ones such as email, banking, and business logins.
What else should I do besides having a strong password?
- Enable multi-factor authentication (MFA) wherever available, so access requires something more than just the password.
- Use a password manager to generate and store unique, complex passwords — this helps you avoid reuse and manage many credentials securely.
- Avoid writing passwords down in unprotected places (e.g., sticky notes, plain documents).
How often should I change my passwords or update them?
Rather than forcing frequent, arbitrary password changes (which push people toward weaker, reused, or merely incremented passwords), change or reset a password when there is evidence of compromise or the account has been exposed in a breach. This is also what current NIST guidance (SP 800-63B) recommends. For routine use, focus instead on long, unique, strong passwords combined with MFA.
