
Password Best Practices: Is Yours Strong Enough?

Written by Nick Bambulas
09/29/2020

Imagine everyone in your business has a storage locker, and inside each locker is an employee’s work and personal information. The only thing keeping criminals from getting in is a padlock: the password.

Did you know that 86% of all web app attacks use stolen credentials and that the average person has 100 passwords? That’s a lot of locks — and a lot of potential for criminals.

No one wants to get their sensitive information hacked, and that’s why it’s crucial to trade any weak passwords you might have for passwords secure enough to protect your entire locker—er, business.

You May Already Be Compromised

Have you kept up with recent security breaches? Okta, 23andMe, Forever 21, Duolingo, American Airlines and T-Mobile are just a few of the businesses that experienced a data breach in 2023. If you work with these organizations, there’s a chance a cybercriminal gained access to your passwords and other personal information.

Your passwords, whether personal or business-related, can be compromised in several ways. One is dictionary attacks. These attacks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with these tools; with enough processing power, anyone can figure out lazy passwords.

Other common attacks take advantage of security questions. When you click the “forgot password” link on many sites or applications, you may be asked to answer personal questions such as the names of spouses, kids, relatives or pets. However, a hacker can find most of these answers from a quick look at most people’s social media profiles, which is why it’s important to use information that isn’t easily found for any identity verification questions.

The Worst Passwords

Did you hear the news? The ubiquitous “password” is no longer the most common password! That title now belongs to “123456,” according to the latest “Top 200 Most Common Passwords” findings from NordPass. In fact, “password” has actually dropped to number 7 on this list.

The top 20 most common passwords according to NordPass:

  1. 123456
  2. Admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456
  10. 1234567890
  11. UNKNOWN
  12. 1234567
  13. 123123
  14. 111111
  15. Password
  16. 12345678910
  17. 000000
  18. admin123
  19. ********
  20. user

Read NordPass’s complete list. Are any of your passwords on it? If so, it’s time to change them — immediately.




How to Strengthen Your Passwords

A password is insufficient if it’s easy for other people or software to guess, or if it’s hard for you to remember. So, how can you make a strong password that you’ll be able to remember? 

First, a few tips:

  • Don’t use words from the dictionary, as previously mentioned. Hackers use thousands of dictionary words when attempting to brute force their way into an account
  • Stay away from short or easy-to-guess passwords
  • Don’t use simple keyboard patterns (such as “qwerty”)
  • Avoid using personal info, including kids’ or pets’ names or addresses
  • Avoid celebrity names and terms from pop culture and sports
  • Don’t repeat your passwords across multiple accounts
  • Try for at least 11 characters. The longer, the better
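
These tips can also be enforced automatically when a password is set. The following Python code is an added example, not part of the original article or of NordPass's tooling: it screens a candidate password against the top-20 list above, the 11-character minimum and keyboard patterns. The function names, the keyboard rows other than "qwerty" and the repeated-character rule are assumptions made for illustration.

```python
import re

# The 20 most common passwords as listed on this page (NordPass), lowercased.
# "********" is copied exactly as the page prints it.
COMMON = {
    "123456", "admin", "12345678", "123456789", "1234", "12345", "password",
    "123", "aa123456", "1234567890", "unknown", "1234567", "123123", "111111",
    "12345678910", "000000", "admin123", "********", "user",
}
MIN_LENGTH = 11  # the page's "at least 11 characters"
# Keyboard rows; "qwerty" is the page's example, the other rows are assumptions.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def screen_password(pw):
    """Return the list of tips from the page that pw violates (empty = none)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    # Strip trailing digits/symbols so "Password1!" still matches "password".
    core = re.sub(r"[\W\d_]+$", "", pw.lower())
    if pw.lower() in COMMON or core in COMMON:
        problems.append("common password")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if re.search(r"(.)\1{3,}", pw):  # assumed rule: 4+ identical characters in a row
        problems.append("repeated character")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("123456", "Password1!", "Qwerty2020!!", "********"):
        print(f"{sample!r}: {screen_password(sample) or 'no listed rule violated'}")
```

An empty result only means none of these rules was triggered; it does not cover dictionary words, personal information or reuse across accounts, which the list above also warns against.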

With these points in mind, let’s help you create a strong password.

Use a Sentence 

Think of a sentence that has meaning for you. It could be a line from a favorite book or poem. Maybe it’s a song lyric or a saying from your family.

Once you’ve selected your sentence, use shortcuts, abbreviations and acronyms to condense it into a single password.

Here are some examples:

  • MyDawgH8stv3t = My dog hates the vet
  • TwoBeorNot2B_ThatIsThe? = To be or not to be, that is the question
  • WOO!TPwontSBeW/O#12! = Woohoo! The Packers won the Super Bowl even without #12!

Try the Place-Person-Action-Object Method 

For this technique, you need a place, a person, an action and an object. Start by choosing an interesting place (e.g., Yellowstone). Next, select a familiar or famous person (Mozart). 

Then, imagine a random action and random object. So, you may wind up with, “Mozart riding a zebra at Yellowstone.” The weirder, the better. Our brains are better at remembering outlandish, unusual scenarios.

Take the first 3 letters from “riding” and “zebra” to create “ridzeb.” Repeat these same steps for three more stories. Finally, combine your made-up words together, throw in some numbers and special characters where you can remember them, and you'll have a long password that'll be familiar to you but seem completely random to other people or software.

Use Multi-Factor Authentication Whenever Possible

Sometimes called two-factor authentication (2FA), multi-factor authentication (MFA) is an extra step that only takes a few extra seconds, but adds vital extra security. You’ll be asked to answer a prompt or enter a code that’s sent to your phone — something that should only be available to you. Once entered correctly, you’re in.

With MFA implemented, cybercriminals looking to break into your accounts will more than likely be stumped and give up.

Additional Cybersecurity Measures

Use a Trusted Password Manager 

Password managers encrypt and store all of your passwords. They then automatically insert your password when logging into one of your accounts. Some managers even include a random password generator that creates hard-to-crack passwords with just a click of your mouse.

Be Careful of Emailed or Texted Links Asking You to Log In 

Even if it appears to be from a legitimate website, be careful before clicking on a link asking you to log in, change your password or provide any other personal information.

Never Use Public Open Wi-Fi 

Unsecured Wi-Fi at your corner deli might seem convenient, and it is… for cybercriminals. Using unsecured networks gives criminals easy access to devices on the network, like opening the door to your storage locker and letting them sift through your belongings.

This is even more important to remember in today’s remote/hybrid work environment, where work is much more mobile and not as tethered to secure, in-office networks. Any wireless network used by employees must be secured.

Having the Right Help Desk Makes a Difference

In every aspect of technology management, including password assistance, the right help desk is crucial. Every employee must feel confident in relying on the help desk for support and solutions in ensuring the tightest security.
