Password Best Practices

January 31, 2023
Reading Time: 3 mins
Author: Ray Sweeney

With cyber criminals increasingly using legitimate credentials to perform their attacks, password best practices have never been more relevant.

Data released by CrowdStrike in 2022 showed that 62% of detections are now malware-free. This is a deliberate effort by attackers to evade detection by legacy antivirus products.

Put simply, attackers are now more likely to enter through the front door.

As a result, it is imperative for people to be educated about best practices when using passwords.


6 Password "Don'ts"

The frequent use of passwords causes many to overlook their significance and make careless mistakes. The following are common behaviours to avoid:

  1. Don’t write passwords on sticky notes
    Whilst setting difficult passwords that need writing down might feel secure, this practice could jeopardise your compliance with cyber insurance.
  2. Don’t save passwords to your browser
    Web browsers can be easily compromised and a wide range of malware, browser extensions and software can extract sensitive data from them.
  3. Don’t iterate your password (for example, PowerWalker1 to PowerWalker2)
    Although this is a common practice, it is unlikely to protect against sophisticated cyberthreats. Hackers have become far too intelligent and can easily crack iterated passwords.
  4. Don’t use the same password across multiple accounts
    If you do, you are handing cybercriminals a golden opportunity to exploit all your accounts.
  5. Don’t simply capitalise the first letter of your password to meet the “one capitalised letter” requirement
    Hackers are aware of this, making it easy for them to guess the capitalised letter's position.
  6. Don’t use “!” to conform with the symbol requirement
    Similarly, if you must use it, don’t place it at the end of your password. Placing it anywhere else in the sequence makes your password far more secure.


6 Password "Do's"

Protect the confidentiality of your passwords by following these six password best practices:

  1. Create long, phrase-based passwords that exchange letters for numbers and symbols (and maybe a spelling error)
    For instance, if you choose "Too many secrets", write it as "toOm4ny$ecrRet$". This makes your password harder to crack.
  2. Change critical passwords every three months
    Passwords protecting sensitive data must be handled with greater caution. The longer you use a password, the greater the chance of it being compromised.
  3. Change less critical passwords every six months
    Regardless of their criticality, changing your passwords every few months is a good practice.
  4. Use Multi-Factor Authentication (MFA)
    In the event your password is compromised, MFA greatly increases your chances of keeping your data safe.
  5. Always use passwords longer than eight characters and include numbers, letters and symbols
    The more complicated, the better. Avoid common dictionary words, and understand that using a zero in place of an O is confusing no one.
  6. Use a Password Manager
    A password manager can relieve the burden of remembering a long list of passwords, making you more likely to stick to password best practices.
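As an added example (not code from the article or its author), a small Python checker that encodes the checkable items from both lists above: the "don'ts" on predictable patterns (iteration, reuse, first-letter capital, trailing "!") and the "do's" on length and character mix. The threshold, the word list and the substitution table are assumptions chosen to match the advice in the text.

```python
"""Password checks that encode this article's "don'ts" and "do's".

Added example, not code from the article or its author.  The threshold,
the substitution table and the word list are assumptions.
"""
import re

MIN_LENGTH = 9  # "greater than eight characters"
# Constructed mini word list; a real deployment would load a full one.
COMMON_WORDS = {"password", "secret", "welcome", "summer", "winter"}
# Undo common substitutions ("0" for "o", "$" for "s") before the word check,
# since the article notes that a zero in place of an O "is confusing no one".
LEET = str.maketrans("0143$@!", "oiaesai")


def is_iteration_of(new: str, old: str) -> bool:
    """True if `new` is `old` with its trailing number bumped (PowerWalker1 -> PowerWalker2)."""
    base_new, base_old = new.rstrip("0123456789"), old.rstrip("0123456789")
    return new != old and base_new == base_old and new != base_new


def check_password(pw: str, previous: tuple[str, ...] = ()) -> list[str]:
    """Return the policy violations for `pw`; an empty list means it is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than nine characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both lower- and upper-case letters")
    if not re.search(r"\d", pw):
        problems.append("needs a number")
    symbols = [c for c in pw if not c.isalnum()]
    if not symbols:
        problems.append("needs a symbol")
    elif symbols == ["!"] and pw.endswith("!"):  # don't #6
        problems.append("only symbol is a trailing '!'")
    if [i for i, c in enumerate(pw) if c.isupper()] == [0]:  # don't #5
        problems.append("only capital is the first letter")
    if any(word in pw.lower().translate(LEET) for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    for old in previous:  # don'ts #3 and #4
        if pw == old:
            problems.append("reused password")
        elif is_iteration_of(pw, old):
            problems.append("iteration of a previous password")
    return problems


if __name__ == "__main__":
    print(check_password("toOm4ny$ecrRet$"))                         # []
    print(check_password("Password1!"))
    print(check_password("PowerWalker2", previous=("PowerWalker1",)))
```

The article's own phrase-based example passes every check, while its deliberate misspelling is what keeps "secret" from matching after the substitutions are undone.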


The Importance of Password Best Practices

An estimated 78% of cyber attacks now target users directly. Consequently, adhering to password best practices is a major first step towards protecting your business.

It is critical to be aware, informed and make appropriate investments to ensure that your business is adequately protected. Regular cyber awareness training, phishing tests, policies and password best practices ensure a well-protected business in 2023.

Check out this article for more information on common security myths.

Alternatively, if you would like to have a discussion regarding where your business stands, please give us a call or book a time directly here. We'll be happy to share our insights on how you can secure your business.