Password Best Practices

As times change and more and more of our personal and business information begins new lives on the Cloud, password security is more important now than ever. There are plenty of products and tools you can use to enhance your security, like authenticators and biometrics. But there is no easier way to keep your data secure than maintaining password best practices. Follow these tips to keep all your most important data as secure as possible:

Avoid Random Passwords

A randomly generated password is okay when first setting up an account, but a randomized password that you create can be difficult to remember, and you run the risk of needing to write it down. Writing down passwords leaves you vulnerable to anyone who happens to see them.

Stop Writing Down Passwords

Most people who have a lot of passwords to manage cannot possibly remember every single password they use throughout the day. Password lists in memo books, manila folders, and sticky notes are not a secure method of storing passwords. If you must keep physical notes about your passwords, write down the username and then a hint that will help you remember the password, so only you can know.

Learn To Use Passphrases

You may not have heard of the 8+4 rule, but you've absolutely used it before if you've made an account on most websites. The 8+4 rule is simple: eight characters with at least one of each of the four different types of characters (symbols, lowercase, uppercase, numbers). This used to be good enough to prevent brute-force attacks, but as computers become more efficient it becomes easier for hackers using brute-force methods to crack your account's security.

To counter this, experts have started to suggest switching to passphrases, which are simply passwords made of a 3-4 word phrase whose words are not necessarily relevant to each other but are distinct enough for you to remember. Passphrases improve your account security by increasing the number of attempts a brute-force attack would need by an order of magnitude for each new letter/symbol. A passphrase that is 20 letters long would be essentially impossible for a brute-force attack to crack.

An example of a passphrase could be ExcitableTallKangaroo? or ReptileKingBohemia#. I just made those up right now; feel free to use either of those passphrases if they happen to appeal to you for whatever reason.
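To put numbers on the comparison above, here is an added example (not part of the original article) that counts how many guesses a character-by-character brute-force search needs for an 8+4 password versus the two passphrases. The guess rate and the sample 8+4 password are assumptions made up for illustration, and the model covers only exhaustive character guessing, the attack this section describes.

```python
import math
import string

# Assumed attacker speed in guesses per second (hypothetical, not from the article).
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# The four character types named by the 8+4 rule.
CHARACTER_CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "numbers": string.digits,             # 10 characters
    "symbols": string.punctuation,        # 32 ASCII symbols
}

def classes_used(password):
    """Names of the character types that appear in the password."""
    return [name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]

def pool_size(password):
    """Alphabet size a brute-force search must cover (ASCII types only)."""
    return sum(len(CHARACTER_CLASSES[n]) for n in classes_used(password))

def keyspace(password):
    """Candidates of the same length over the same alphabet."""
    return pool_size(password) ** len(password)

def entropy_bits(password):
    """log2 of the keyspace; 0.0 if no recognised characters are present."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR

def meets_8_plus_4(password):
    """True if the password satisfies the 8+4 rule described above."""
    return len(password) >= 8 and len(classes_used(password)) == 4

if __name__ == "__main__":
    # "Tr3e$ky!" is a constructed 8+4 sample; the other two come from the text.
    for pw in ["Tr3e$ky!", "ExcitableTallKangaroo?", "ReptileKingBohemia#"]:
        print(f"{pw!r}: length={len(pw)} pool={pool_size(pw)} "
              f"bits={entropy_bits(pw):.1f} 8+4={meets_8_plus_4(pw)} "
              f"years={years_to_exhaust(pw):.3g}")
```

At the assumed rate the constructed 8+4 password is exhausted in about a week, while either passphrase would take far longer than any practical attack could run.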

Use Different Passwords

This one seems obvious, but I want a chance to elaborate. Targeting more vulnerable sites in order to access the information of all their users is a common tactic employed by hackers. Using the same password on your bank account or work email that you used on your Neopets account and Pandora radio is probably not the best idea. Even if you believe Pandora's security is top-notch, it may not be worth the risk.

Don't Change Your Password Too Much

Adherence to this advice may not be something within your control in a business environment, but research suggests that changing your password too often can lead to forgotten passwords or a situation where you're creating new iterations of the same passwords. These types of patterns will be spotted by hackers and used against you. A good passphrase can last over a year if not longer. Encourage your friends, family, and business to adopt stronger passwords if they've fallen into the password1, password2, password3, password4 trap.

Use Extra Protection Where You Can

There are extra barriers you can seek out to protect your passwords and in turn, your data. Two-factor authentication can turn your mobile phone into a device that only allows access after explicit permission via authenticator code has been entered. Biometrics tie your fingerprint, your face, or even your iris to your account, protecting your account from anyone who isn't yourself. Account lockouts, which lock your account after a number of failed login attempts, can completely stonewall brute-force attacks.

A good number of companies provide options like the ones listed above for free and in many cases offer help setting them up. If keeping your data secure is of value to you or your company, it is worth the time to find out what kind of extra protection you can employ.


The importance of data and password security is paramount no matter where you go. Employing these tips in your personal and business tech will go a very long way in keeping you vulnerability-free and happy.