10 Steps for Setting a Strong Secure Password

Password reuse, where the same password is used across multiple accounts, is a common and risky behavior that can lead to security vulnerabilities if one account is compromised. Aside from being constantly reused, these passwords are often not strong enough to stop cybercriminals from easily guessing them. Worse, you may not know that your password has been compromised for several months or years.

Several studies and reports highlight the prevalence of weak passwords and their role in security incidents. For example, the annual “SplashData’s Worst Passwords” list, which compiles commonly used and easily guessable passwords, emphasizes the persistence of poor password choices among users. The Verizon Data Breach Investigations Report (DBIR) and similar cybersecurity reports often highlight the role of weak or stolen credentials in security incidents. In many cases, attackers exploit easily guessable passwords to gain unauthorized access to accounts.

Creating a unique and strong password, along with secure password management practices, is crucial to preventing cybercriminals from gaining access to your online accounts and your sensitive information, and to maintaining online security. Here are some best practices for setting a strong and secure password.

To keep your passwords private and safe from cybercriminals, follow the tips below: 

1. Length Matters

Aim for a minimum of 12 characters. Longer passwords are generally more secure. Choose a memorable sentence infused with personal details rather than attempting to recall a complex combination of letters, numbers, and symbols. For instance, use something like “Duke, my dog, loves to play ball.” Infusing personal elements into your passphrase enhances memorability while maintaining a robust level of security. Make sure your passphrase is at least seven words long. The longer your passphrase, the more difficult it will be for someone to decipher.

2. Use a Mix of Characters

Include a combination of uppercase and lowercase letters, numbers, and special characters. This makes your password more complex and harder to guess.

3. Don't Use Any Common, Simple, Or Known Phrases

Avoid using common phrases or quotes, as these are easily guessable by hackers. Similarly, don’t use easily accessible personal information like your birthdate, your or your children’s names, or even your pet’s name. Also, steer clear of simple patterns like “123456” or “password.” These are among the first combinations attackers try.

4. Use A Different Passphrase For Each Account

Using the same passphrase across several accounts increases the risk of multiple breaches if that passphrase is compromised. Use a different passphrase for each account instead. This way, if one passphrase is compromised, your other accounts will be protected.

5. Use A Password Manager, Protected By A Strong Passphrase

Password managers are a secure way to generate and store complex passwords for you. You only need to remember one strong master passphrase.

6. Change Your Passphrase Regularly

Changing your passphrase periodically, especially for critical accounts, can help mitigate the risk if a password is compromised.

7. Make Sure You Use A Different Passphrase At Work Than You Do At Home

Use a different passphrase at work than the one you use at home. Similar to employing unique passphrases for individual accounts, using a different passphrase for work and personal accounts is crucial to your employer’s data security.

8. Make Sure That Your Accounts Lock For 15 Minutes After 5 Failed Login Attempts

Activating account lockouts following a specific number of unsuccessful login attempts is a crucial measure to safeguard your accounts against attacks. Ensure that your accounts are configured to initiate a lockout period of no less than 15 minutes after encountering 5 consecutive failed login attempts.

9. Enable Two-Factor Authentication

Adding an extra layer of security through Two-Factor Authentication (2FA) provides an additional barrier even if your password is compromised.

10. Check for Breaches

Periodically check if your email or passwords have been involved in any data breaches. Websites like “Have I Been Pwned” can provide this information.
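Have I Been Pwned's Pwned Passwords service can be queried without revealing the password: only the first five hex characters of its SHA-1 hash are sent, and the match is done locally against the returned suffixes. The sketch below is an added example, not code from this article; the function names are assumptions, and the response body is constructed so that it runs offline.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def sha1_parts(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL to request: only the hash prefix leaves the machine, never the password."""
    prefix, _ = sha1_parts(password)
    return RANGE_ENDPOINT + prefix


def breach_count(password, range_body):
    """Look for the password's hash suffix in a range response ('SUFFIX:COUNT' lines)."""
    _, suffix = sha1_parts(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0   # suffix absent: not found in the breach corpus


def constructed_range_body(password, count):
    """Constructed sample response: two decoy suffixes around the real one."""
    _, suffix = sha1_parts(password)
    return "\r\n".join(["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":1"])


if __name__ == "__main__":
    body = constructed_range_body("password", 42)   # constructed count, not real data
    print(range_url("password"))
    print(breach_count("password", body))
```

In real use, fetch `range_url(password)` over HTTPS and pass the response text to `breach_count`; any non-zero result means the password should be replaced.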

Remember that creating a secure password is just one aspect of maintaining good cybersecurity hygiene. Regularly updating software, being cautious with emails and links, and staying informed about potential threats are also crucial for overall online security.

Should you encounter challenges with password management, are facing cybersecurity threats, or require assistance in fortifying your security measures, reach out to the experts at KT Connections for professional support.