Password Best Practices

We recommend that our users follow these best practices when creating and safeguarding their passwords:

Written by Lana
Updated over a week ago

1. Create strong, unique passwords

Create a password that is difficult to guess and that contains randomized numbers, characters and symbols. A strong password is significantly more difficult for a hacker to crack and use to break into systems. Strong passwords are generally considered to be more than 8 characters in length and a mixture of letters, numbers and symbols, with letters in both uppercase and lowercase. Avoid using family names, pets or information that is easily linked to you.

2. Avoid bunching numbers and symbols

Spread numbers and symbols throughout the password instead of bunching them together, as this can make it easier for the password to be hacked.

3. Use Two-Factor Authentication

Two-factor authentication can help keep accounts and data safe from hackers. This system requires a PIN, sent to the user via email, SMS or an app, to be entered to gain access to a site. Two-factor authentication protects against stolen passwords and prevents an external person from accessing systems and accounts.

4. Avoid obvious passwords

As with avoiding family names, pets, etc., users should also avoid obvious, standardized passwords such as 12345 or password1. Instead, users should create unique passwords for each site.

5. Test your password

Ensure your password is strong by putting it through an online testing tool. Microsoft’s Safety & Security Center has a password testing tool to help businesses and individuals come up with passwords that are less likely to be hacked.

6. Refrain from using dictionary words

Sophisticated hackers have programs that search through tens of thousands of dictionary words. Avoid using dictionary words and instead opt for random passwords.
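
The checks from items 1, 2, 4 and 6 can also be run locally, so the password being tested never leaves the machine. The script below is an added example, not part of the original article; the word lists, the substitution table and the three-character bunching threshold are assumptions made for illustration.

```python
import re

# Constructed sample lists; a real check would load much larger ones.
OBVIOUS = {"12345", "123456", "password", "password1", "qwerty", "letmein"}
DICTIONARY = {"password", "dragon", "summer", "monkey", "welcome", "football"}

# Undo common character substitutions before the dictionary lookup
# (the substitution table is an assumption of this example).
LEET = str.maketrans("01345@$7", "oleasast")

CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password(pw, personal=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lower = pw.lower()
    # Item 1: more than 8 characters, both cases, numbers and symbols.
    if len(pw) <= 8:
        findings.append("length")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            findings.append("missing-" + name)
    # Item 1: no family names, pet names or other linked information.
    if any(p and p.lower() in lower for p in personal):
        findings.append("personal")
    # Item 2: numbers and symbols bunched together. The threshold of three
    # consecutive non-letters is an assumption of this example.
    if re.search(r"[^A-Za-z]{3,}", pw):
        findings.append("bunched")
    # Item 4: obvious, standardized passwords.
    if lower in OBVIOUS:
        findings.append("obvious")
    # Item 6: dictionary words, including lightly disguised ones.
    normalized = lower.translate(LEET)
    if any(word in normalized for word in DICTIONARY):
        findings.append("dictionary")
    return findings


if __name__ == "__main__":
    for sample in ("password1", "Summer2024!", "k7#Rq!2vM@x"):  # constructed
        print(sample, check_password(sample) or "ok")
```

Pass names, pet names or similar personal details in `personal` to have them checked as well.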

7. Don’t make passwords too long

Passwords still need to be memorable for the user, so avoid anything over ten characters. Around 8 – 10 characters is considered optimum for password safety.

8. Create different passwords for different accounts and sites

Don’t use the same password for every account, as it makes it easier for hackers to break into a multitude of accounts. Use a different password for every account.

9. Use a password manager

Password managers can help ensure high security levels without having to remember multiple passwords. The password manager stores and creates passwords for your different accounts, automatically signing you in when you log on.

10. Secure your mobile phone

Help protect your phone and other mobile devices from hackers by securing your phone with a strong password. Or, better still, use fingerprint or facial recognition passwords to help outwit hackers.

11. Change passwords regularly

Don’t keep the same passwords for years. Changing passwords regularly can be a simple way to boost online security.

12. Change passwords when an employee leaves your business

Make it a standard practice to change passwords whenever an employee leaves the company to ensure they cannot access sites and systems.

13. Stay offline

Sign out of accounts when you’re not using them, and remove any application permissions when you have finished with them, to avoid leaving access open to online sites that can be exploited by hackers.

14. Avoid storing passwords

Avoid storing passwords either digitally or on paper.

15. Keep virus scanners and firewalls updated

No matter how strong your passwords are or how meticulous you are about safety, passwords won’t be safe if a hacker’s spy program is monitoring what you enter on your keyboard. Ensure that you have an up-to-date virus scanner and make regular updates to all devices.

16. Only use secure Wi-Fi

Employees working away from the business should ensure they are only using secure Wi-Fi networks. Public networks bring additional risk from hackers. Companies should also use Virtual Private Networks where possible.

17. Avoid pop-ups, unknown emails and links

Be alert to phishing and avoid clicking on a link that can result in a security breach. Be extremely cautious about links and attachments in emails from senders you don’t recognize. Equally, if you receive an email that requests personal information or private company details and which you weren’t expecting to receive (regardless of whom it has come from), check before you send any details or click on any links.
