12 Password Best Practices

Published: 2022-11-10 in security

Today, it is nearly impossible to avoid the online world, and in the workplace it is often completely unavoidable. We have adopted technology that allows us to grow and manage business in ways we never could before. Although the benefits of technology are plentiful, there are also risks involved. This is why cybersecurity has gained interest and awareness in recent years.

If you are looking to improve your cybersecurity, good password hygiene is an important first step. Password protections limit access to data and accounts to authorized users only, and limiting access to important information is essential to securing your business. However, because passwords are used so often, some users overlook their significance and make mistakes. A simple user error can lead to serious consequences such as breaches and data leaks.

It is crucial that businesses regularly train their employees on password hygiene and best practices to prevent compromised data. 


6 Password “Don’ts”

Follow these six password “don’ts” to prevent getting hacked.

1. Don’t write passwords on sticky notes
You may feel that your credentials are safe at home or in your office on written pieces of paper. While this does make it harder for online predators, it simultaneously makes it easier for someone local to steal your passwords.

2. Don’t save passwords to your browser
Web browsers can be easily compromised by malware, browser extensions, and software that can pull sensitive data like your personal information, customer information, and credit card number. It is important to never store passwords in your browser for this reason. 

3. Don’t reiterate your password (for example, changing DeathStar1 to DeathStar2)
It may be easier to remember passwords that are like your last one or that are shared among different accounts, but passwords that are too similar are unlikely to stop sophisticated cyberthreats. Reiterated passwords are very easy for cybercriminals to crack, leaving you vulnerable.

4. Don’t use the same password across multiple accounts
Doing so gives hackers access to all your accounts with a single password. If they have one, they’ll find a way into all of them.

5. Don’t capitalize the first letter of your password to meet the “one capitalized letter” requirement
This is common to see because this is how we are used to writing. However, capitalizing the first letter of your password is predictable and hackers know this. Instead, try placing the capital or multiple capitals throughout the password.

6. Don’t use “!” to conform with the symbol requirement
This also falls into the predictability category. If you feel inclined to use the exclamation symbol, insert it anywhere in the password besides the end. Having the “!” at the end of a password specifically will make it less secure.


6 Password “Do’s”

Secure your credentials and data with these six password “do’s”.

1. Create long, phrase-based passwords that exchange letters for numbers and symbols
Long passwords with character substitutions are far harder for cybercriminals to predict and guess. For example, if you choose “Zombie Apocalypse”, write it as “z0mBi3@poc@LypzE”.

2. Change critical passwords every three months
These passwords must be treated with caution and special care, because the risks are far greater if credentials that protect sensitive information are compromised. You can schedule a reminder on your calendar every three months to ensure these passwords are changed regularly.

3. Change less critical passwords every six months
If you struggle to determine which passwords are more critical than others, don’t worry. If you change your passwords every few months, you are practicing good password hygiene.

4. Use multifactor authentication
Multifactor authentication adds multiple layers of protection to your accounts. Having it enabled makes it much harder for cybercriminals to break through.

5. Always use passwords that are longer than eight characters and include numbers, letters and symbols 
This is often required when creating secure passwords, and for good reason: the more complicated things are for hackers, the better.

6. Use a password manager 
Remembering complex passwords that are unique from one account to the next can be extremely difficult without a secure place to store them. Using a password manager gives you the freedom to create the most challenging passwords without having to rely on memory alone.
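The predictable patterns from “don’ts” 3 to 6 and the length and character rule from “do” 5 can be checked automatically when a password is created. The following Python sketch is an added example, not a tool from this article or from RCC Business IT; the function names and finding labels are hypothetical, and it assumes it runs locally (for example inside a password manager) where earlier and sibling passwords are available for comparison.

```python
import re

def _stem(pw):
    # Drop trailing digits/symbols and case, so "DeathStar1" and "DeathStar2" share a stem.
    return re.sub(r"[\W\d_]+$", "", pw).lower()

def audit_password(new, previous=(), in_use_elsewhere=()):
    """Return findings for a candidate password; an empty list means no rule was tripped.

    previous: earlier passwords for this account (assumed available locally).
    in_use_elsewhere: passwords of the user's other accounts (assumed available locally).
    """
    findings = []
    # "Do" 5: longer than eight characters, with numbers, letters and symbols.
    if len(new) <= 8:
        findings.append("length: not longer than eight characters")
    if not any(c.isalpha() for c in new):
        findings.append("classes: no letter")
    if not any(c.isdigit() for c in new):
        findings.append("classes: no number")
    if not any(not c.isalnum() for c in new):
        findings.append("classes: no symbol")
    # "Don't" 5: the only capital is the first character.
    if [i for i, c in enumerate(new) if c.isupper()] == [0]:
        findings.append("predictable: only capital is the first letter")
    # "Don't" 6: "!" at the very end of the password.
    if new.endswith("!"):
        findings.append("predictable: ends with '!'")
    # "Don't" 4: exact reuse of a password from another account.
    if new in in_use_elsewhere:
        findings.append("reuse: same password as another account")
    # "Don't" 3: same stem as an earlier or sibling password.
    elif _stem(new) and any(_stem(new) == _stem(p) for p in [*previous, *in_use_elsewhere]):
        findings.append("reiterated: differs only in trailing digits/symbols")
    return findings

if __name__ == "__main__":
    # Constructed inputs built from the article's own example passwords.
    samples = [("DeathStar2", ["DeathStar1"]), ("Deathstar2!", ["Deathstar1!"]),
               ("z0mBi3@poc@LypzE", [])]
    for pw, prev in samples:
        print(pw, "->", audit_password(pw, previous=prev) or "no findings")
```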

Need a password manager? We can help. 

Following all these rules for password management requires attention and work on your part. However, partnering with an expert managed service provider (MSP) like us will help you manage these tasks. RCC Business IT can help with securing your business, empowering you and your employees, and giving you peace of mind.
