How to Make Strong Passwords: 8 Tips for 2023
Editor's note: This post was originally published on May 15, 2018 and has been revised for clarity and comprehensiveness.
Coming up with strong passwords can be time-consuming and challenging. Using simple and predictable passwords is easier, but unfortunately, hackers can quickly crack them.
Fortunately, tools and strategies for creating stronger passwords across your entire organization are readily available today. As a managed IT provider for over 20 years, Intelligent Technical Solutions (ITS) has used these strategies to help businesses make the strongest passwords for their organization, and we’re sharing them with you in this article.
These will help you to create passwords that are harder to crack and protect your online identity from potential threats:
1. Use a Password Manager
Using a reliable password manager is the number one tip for creating and managing secure passwords. It streamlines the entire process, as most password managers have a secure database, 2FA support, password randomizer tools, and insight into your password strength.
You won’t have to remember each individual password, as the need to keep track of every account often causes people to resort to one weak password. You’ll also have an easier time organizing accounts and accessing passwords across multiple platforms.
2. Always Include Letters, Numbers, and Symbols
When creating passwords without using a password manager, always incorporate a mix of upper- and lower-case letters, numbers, and special characters like: !@#$%^&*()_+.
While the NIST password guidelines do not necessarily require special characters, it’s still generally a good practice to include them. You’ll just need to be careful and stop yourself from using repetitive passwords with only one or two special characters thrown in.
3. Avoid Using Common Words or Phrases
Hackers can use dictionary attacks to guess your password, so avoid using common words or phrases like "password" or "1234".
It’s easier than ever for hackers to brute force common passwords, giving them access to your information linked to the account, such as credit card details, personal emails, and contact information.
4. Use Longer Passwords and Passphrases
The longer your password, the more difficult it is to crack. Aim for at least 16 characters.
Also, consider using passphrases instead of passwords. A passphrase combines random words that are easy to remember but difficult for others to guess, like “DoOrDoNotThereIsNoTry.” Applying the rule mentioned in item #2 of this list, you can change this to "Do0rDoNotThereIsNoTry!".
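The tip above turns on two things: length and randomness. Below is an added example (written for this article, not ITS's own tooling) that generates a passphrase from a wordlist using Python's CSPRNG (`secrets`) and computes the entropy of a passphrase versus a random character password. The 32-word list is constructed for the example and deliberately tiny; the entropy figures only hold when the words are chosen at random, not taken from a familiar quotation.

```python
import math
import secrets
import string

# Constructed sample wordlist for this example only. A real generator should draw
# from a large published list such as the EFF long wordlist (7,776 words); a
# 32-word list like this one yields only 5 bits of entropy per word.
SAMPLE_WORDLIST = [
    "apple", "basket", "candle", "dragon", "eagle", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "marble", "needle", "orange", "pepper",
    "quartz", "rocket", "saddle", "timber", "umbrella", "violet", "walnut", "yellow",
    "zebra", "anchor", "bridge", "copper", "desert", "engine", "falcon", "glacier",
]

# 26 lower + 26 upper + 10 digits + 32 punctuation characters
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words chosen uniformly (with replacement) from list_size words."""
    return n_words * math.log2(list_size)


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a character password where every position is uniformly random."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, n_words=5, separator="", capitalize=True):
    """Pick words with the OS CSPRNG via `secrets`; never use `random` for credentials."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    if capitalize:
        # CamelCase join like the article's "DoOrDoNotThereIsNoTry" example
        chosen = [w.capitalize() for w in chosen]
    return separator.join(chosen)


def generate_password(length=16, alphabet=PRINTABLE):
    """Random character password covering letters, digits, and symbols."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(SAMPLE_WORDLIST, 5))
    print("password:  ", generate_password(16))
    print(f"5 words from a 32-word list:        {passphrase_entropy_bits(32, 5):.1f} bits")
    print(f"5 words from a 7,776-word list:     {passphrase_entropy_bits(7776, 5):.1f} bits")
    print(f"16 random printable characters:     {password_entropy_bits(len(PRINTABLE), 16):.1f} bits")
```

The comparison shows why the wordlist size matters: five words from the tiny constructed list give about 25 bits, five from a 7,776-word list about 65 bits, and 16 truly random printable characters about 105 bits. A passphrase wins on memorability, a random character string on entropy per character; a password manager removes the need to remember either.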
5. Use a Unique Password for Each Account
Using the same password for multiple accounts is a major security risk. You should always use a unique password for each account to protect yourself from cyber-attacks.
It might seem unnecessary, especially if your default password is already complicated, but unique passwords ensure hackers can’t access multiple accounts if one password is compromised.
Depending on your industry, you might even be legally required to use different passwords. It’s a recommended best practice for online security and is part of the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
6. Create an Organization-wide Password Blacklist
A password blacklist is a list of words or phrases commonly used in passwords. Organizations use these lists to prevent users from creating weak passwords that could put their accounts and personal information at risk.
These blacklists are highly beneficial because they can be incorporated into an organization-wide password policy. Doing so promotes better overall security, consistent password policies, and compliance with IT best practices.
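Tips 2, 3, 4 and 6 together describe a password policy: minimum length, mixed character classes, and a blacklist of common words. The following added example (not ITS's code) implements such a check in Python. Its blacklist and leet-substitution table are constructed for the example; a real deployment would load a large, regularly updated list of breached and commonly chosen passwords plus organization-specific terms. The point it demonstrates is that a blacklist must be checked against a normalized form of the password, otherwise "P@ssw0rd!" slips past a rule that only rejects "password".

```python
import re

MIN_LENGTH = 16  # the article's recommendation

# Constructed blacklist for this example only.
BLACKLIST = {
    "password", "passw0rd", "qwerty", "letmein", "welcome", "123456",
    "iloveyou", "admin", "football", "dragon", "monkey", "sunshine",
}

# Common substitutions (constructed table). Cracking wordlists already include
# these variants, so a checker must not let them through either.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})


def normalize(password: str) -> str:
    """Lower-case, undo leet substitutions, and drop any remaining non-alphanumerics."""
    return re.sub(r"[^a-z0-9]", "", password.lower().translate(_LEET))


def blacklist_hit(password: str, blacklist=BLACKLIST):
    """Return the first blacklisted term found as a substring of the raw
    (lower-cased) or normalized password, or None if there is no hit."""
    forms = (password.lower(), normalize(password))
    for term in sorted(blacklist):
        if any(term in form for form in forms):
            return term
    return None


def check_password(password: str, min_length=MIN_LENGTH, blacklist=BLACKLIST):
    """Return a list of policy failure codes; an empty list means the password passes.

    Codes: "length"    - shorter than min_length
           "classes"   - missing one of lower/upper/digit/symbol (tip 2)
           "repeat"    - the same character three or more times in a row
           "blacklist" - contains a blacklisted term, even with substitutions (tips 3 and 6)
    """
    failures = []
    if len(password) < min_length:
        failures.append("length")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if not all(classes):
        failures.append("classes")
    if re.search(r"(.)\1\1", password):
        failures.append("repeat")
    if blacklist_hit(password, blacklist) is not None:
        failures.append("blacklist")
    return failures


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd!P@ssw0rd!", "Tr0ub4dor&3",
                      "Welcome2023!!!Welcome", "Do0rDoNotThereIsNoTry!"]:
        print(f"{candidate!r:28} -> {check_password(candidate) or 'OK'}")
```

Run as a script, the article's own "Do0rDoNotThereIsNoTry!" passes every rule, while "P@ssw0rd!P@ssw0rd!" satisfies length and all four character classes yet is still rejected because normalization reveals the blacklisted word. The failure codes are returned rather than printed so the same function can back a signup form, a password-change endpoint, or a bulk audit.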
7. Keep All Passwords Private
This rule may seem like a no-brainer, but you’d be surprised how many organizations fail to follow it.
Password sharing often happens when team members want to save money on accounts and give others access to the same service. But it results in a glaring security vulnerability and should be your last resort. That's because password sharing creates issues with accountability and non-repudiation.
Non-repudiation is the concept that a user cannot deny their actions or transactions. When passwords are shared, it becomes almost impossible to establish non-repudiation because multiple people have access to the same account, and any one of them could deny their involvement in a particular action. Non-repudiation is crucial in legal, financial, and security contexts where it's essential to attribute actions or decisions to specific individuals.
Password managers often make password sharing safer by offering the option to send the credentials to other registered users without showing the password. There are also options to sign in via QR codes that bypass the need for passwords altogether.
However, despite current tools that make password sharing seem more secure, it’s still a best practice to never share passwords with colleagues, staff, family, and friends.
8. Plan Out Secure Password Recovery Protocols
Accidents happen – people make mistakes. Sometimes we forget or lose passwords, and part of a strong-password strategy is making sure those passwords can be reset securely when that happens.
When creating your password recovery protocols, make sure you:
- Have a list of accounts.
- Always authenticate identity and provide password hints only when required. Make sure to give a hint that only you would understand.
- Establish clear recovery procedures.
- Have encrypted back-end databases.
These simple preparation steps reduce downtime costs whenever someone forgets their password and help you stay compliant with government IT regulations. Your helpdesk will also thank you: end users get a better overall experience, which reduces noise and the number of stressed-out staff your IT team has to deal with.
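To make the recovery checklist above concrete, here is an added example (not ITS's code) of the server side of a password-reset flow in Python. It assumes the user's identity has already been authenticated out of band before a token is issued, a 15-minute token lifetime, and an in-memory store standing in for the encrypted back-end database the list calls for. Only a SHA-256 hash of the token is kept, tokens are single use, issuing a new token invalidates the old one, and comparisons are constant-time.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; short enough to limit the damage of a leaked link


@dataclass
class RecoveryRecord:
    token_hash: str      # SHA-256 of the token; the raw token is never stored
    expires_at: float
    used: bool = False


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class RecoveryStore:
    """In-memory stand-in for the encrypted back-end database (constructed for the example)."""

    def __init__(self) -> None:
        self._records: Dict[str, RecoveryRecord] = {}
        self.audit_log: List[str] = []  # accountability trail for the helpdesk

    def issue(self, username: str, now: Optional[float] = None) -> str:
        """Create a single-use recovery token for a user whose identity has already
        been verified. Issuing a new token replaces and invalidates any earlier one."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[username] = RecoveryRecord(_hash_token(token), now + TOKEN_TTL_SECONDS)
        self.audit_log.append(f"issued recovery token for {username}")
        return token  # delivered over the user's verified channel; never written to logs

    def redeem(self, username: str, token: str, now: Optional[float] = None) -> bool:
        """Consume a token. Returns True exactly once per valid, unexpired token."""
        now = time.time() if now is None else now
        record = self._records.get(username)
        if record is None:
            # Still do a comparison so unknown and known usernames take similar time.
            hmac.compare_digest(_hash_token(token), _hash_token("dummy"))
            self.audit_log.append(f"redeem failed for {username}: no token on file")
            return False
        if record.used or now > record.expires_at:
            self.audit_log.append(f"redeem failed for {username}: token used or expired")
            return False
        if not hmac.compare_digest(record.token_hash, _hash_token(token)):
            self.audit_log.append(f"redeem failed for {username}: token mismatch")
            return False
        record.used = True
        self.audit_log.append(f"redeem succeeded for {username}")
        return True


if __name__ == "__main__":
    store = RecoveryStore()
    t = store.issue("alice")
    print("first redeem:", store.redeem("alice", t))    # True
    print("second redeem:", store.redeem("alice", t))   # False: single use
    print("\n".join(store.audit_log))
```

The `now` parameter exists so expiry can be tested deterministically; in production the calls use the real clock. Hashing the stored token means a dump of the recovery table does not yield usable reset links, and the audit log gives the accountability that tip 7 says shared passwords destroy.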
Ready to Make Strong Passwords for Your Organization?
We can’t deny it’s harder than ever to protect your information. But with a few tricks, you can increase your password security and make it harder for cybercriminals to hack your organization.
Remember to use a unique password for each account, avoid common passwords and patterns, and use a password manager to store your passwords securely.
Additionally, implementing an organization-wide password blacklist and planning out secure password recovery protocols can further enhance your password security.
With these best practices, you can rest assured that your online accounts are well-protected and secure.
But as a managed security services provider (MSSP), ITS knows cybersecurity doesn’t end with stronger passwords. Here are more resources you can read to improve your network’s security:
- Ways to Protect Your Business Amidst Alarming Rise in Password Attacks
- What Businesses Need to Know About Managed Cybersecurity Services
- eBook: 3 Types of Cyber Security Solutions Your Business Must Have