When it comes to creating and managing passwords, following best practices is essential for keeping your online accounts and personal data secure. Here’s a quick, high-level overview of the best password practices you should follow:
1. Use Long and Complex Passwords
- Aim for at least 12–16 characters.
- Combine upper and lower case letters, numbers, and special characters (e.g., !, @, #, $).
- The more random, the better. A strong password might look like: B&3gFz!tD8rRzL9
2. Avoid Common Passwords
- Steer clear of passwords like “password123”, “qwerty”, or your name and birthdate.
- Don’t use simple or easily guessable patterns, such as “123456” or “password”.
3. Use Unique Passwords for Every Account
- Never reuse passwords across multiple accounts. If one account gets hacked, others may be vulnerable.
- Each account should have its own, unique password to minimize the damage if one gets compromised.
4. Use a Password Manager
- A password manager helps you store complex, unique passwords for each account securely. It will also help you generate strong passwords and fill them in automatically when you need them.
- Popular password managers include LastPass, 1Password, and Bitwarden.
5. Enable Two-Factor Authentication (2FA)
- Whenever possible, enable 2FA. This adds a second layer of protection to your accounts by requiring something you know (your password) and something you have (like a code sent to your phone or generated by an app like Google Authenticator).
- 2FA is particularly important for sensitive accounts like banking or email.
6. Change Passwords Regularly
- Change your passwords periodically, especially for sensitive accounts. However, don't change them too often for no reason, as it might encourage weaker choices.
- If a service has experienced a breach, change your password immediately.
7. Avoid Using Password Hints
- Password hints can often be too easy for someone to guess, especially if they know a bit about you. It's best to avoid them or make them cryptic.
8. Be Wary of Phishing Attempts
- Be cautious of emails, messages, or pop-ups asking you to enter your password or other sensitive info.
- Always double-check the URL of the website you're logging into, and ensure it’s the official site before entering your credentials.
9. Don’t Store Passwords in Plain Text
- Don’t store passwords in plain text files or unsecured notes on your device. Use a password manager, or, if you must write them down, keep them in a secure, physical location.
10. Secure Your Recovery Information
- Ensure that the email address and phone number you use for password recovery are up to date and secure. These recovery options should also have strong, unique passwords and 2FA enabled.
- Consider using a recovery email that’s separate from your main email, to further isolate your sensitive accounts.
11. Monitor Account Activity
- Many services let you track login activity and notify you if there’s suspicious behaviour. Always enable notifications for unknown logins or password changes.
12. Educate Yourself and Others
- Stay informed about the latest security trends and best practices.
- If you share devices with others (family members, employees, etc.), educate them on the importance of password hygiene and not sharing passwords.
13. Use Passphrases Instead of Simple Passwords
- A passphrase is a series of random words or a sentence that’s easier to remember but still hard to guess. For example: BlueSky!DanceTiger42
- This method can offer the same strength as complex passwords but is often easier for you to remember.
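The random-password advice in point 1 and the passphrase advice in point 13 both come down to one thing: the secret must be drawn from a cryptographically secure random source and from a large enough space. The following is an added example (not code from the original page) showing how a practitioner would generate both kinds of secret with Python's `secrets` module and estimate their strength in bits. The character classes, the denylist of common passwords and the word list are all constructed for the example; a real passphrase generator would use a published list of several thousand words (the 7776-word diceware lists give about 12.9 bits per word), and the character-based entropy estimate deliberately overstates the strength of anything built from dictionary words, which is why the passphrase function reports its own, word-based figure.

```python
import math
import secrets
import string

# Character classes the page recommends combining (constructed for this example).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?/",
}

# Tiny denylist of the guessable passwords the page names (constructed; real
# checks use breach-derived lists with millions of entries).
COMMON_PASSWORDS = {"password", "password123", "qwerty", "123456"}

# Constructed word list, deliberately small so the entropy figure shows why
# list size matters; a real list would contain thousands of words.
WORDLIST = [
    "blue", "sky", "dance", "tiger", "river", "stone", "cloud", "lamp",
    "maple", "orbit", "quiet", "salt", "wheat", "zebra", "candle", "harbor",
]


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG with at least one char of every class."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets.choice, never random.choice: the latter is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES.values()):
            return candidate


def generate_passphrase(words: int = 5, separator: str = "-") -> str:
    """Random words joined by a separator; strength comes from the list size."""
    return separator.join(secrets.choice(WORDLIST) for _ in range(words))


def passphrase_entropy_bits(words: int) -> float:
    """Each uniformly chosen word contributes log2(len(WORDLIST)) bits."""
    return round(words * math.log2(len(WORDLIST)), 1)


def check_password(pw: str) -> dict:
    """Class coverage, a character-based entropy estimate and a denylist check.

    The entropy figure assumes every character was chosen uniformly from the
    union of the classes present, so it is an upper bound: dictionary words and
    patterns are far weaker than the number suggests.
    """
    present = {name: any(c in cls for c in pw) for name, cls in CLASSES.items()}
    pool = sum(len(cls) for name, cls in CLASSES.items() if present[name])
    # Characters outside every class (e.g. unicode) extend the pool by themselves.
    pool += len({c for c in pw if not any(c in cls for cls in CLASSES.values())})
    bits = len(pw) * math.log2(pool) if pool > 1 else 0.0
    is_common = pw.lower() in COMMON_PASSWORDS
    return {
        "length": len(pw),
        "classes": sum(present.values()),
        "entropy_bits": round(bits, 1),
        "common": is_common,
        "acceptable": len(pw) >= 12 and sum(present.values()) >= 3 and not is_common,
    }


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, check_password(pw))
    phrase = generate_passphrase(5)
    print(phrase, f"{passphrase_entropy_bits(5)} bits from a {len(WORDLIST)}-word list")
    print(check_password("password123"))
```

Running it shows the contrast the page is making: the generated 16-character password scores well over 90 bits and passes every check, while "password123" fails on length, class coverage and the denylist at once. The passphrase line shows a five-word phrase from a 16-word list is only 20 bits, which is exactly why passphrase generators rely on large word lists.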
14. Be Careful with Shared Devices
- If you’re logging into an account on a public or shared device, don’t let the browser save your password.
- Always log out of your account when done, and consider using Incognito Mode or private browsing sessions.
15. Use Biometric Authentication When Available
- Many devices now support fingerprint or face recognition for secure login. These methods add a layer of protection and are harder to bypass than traditional passwords.
16. Back Up Your Passwords Securely
- If you rely on a password manager, consider backing up its encrypted vault in case you lose access. Store backups in a secure, offline location.
- Ensure your backup vaults are encrypted and protected by strong passwords.
17. Lock Your Devices
- Always lock your devices with a password, PIN, or biometric authentication (fingerprint, face ID).
- If your device is lost or stolen, it’s much harder for someone to access your data or accounts.
By following these best practices, you’ll significantly improve your security posture and reduce the risk of unauthorized access to your personal and sensitive data.