Password Protection Best Practices

Up to 80 percent of security information breaches can be traced back to weak passwords or poor password protection, according to the University of Miami.
In today’s modern society, just about everything is password protected. In fact, you probably have more passwords than you have socks. Coming up with multiple passwords that are both safe and easy to recall is no easy task. However, the better your password protection policies are, the less likely you or your staff’s passwords will be cracked.
To increase the protection of your passwords, follow these password protection best practices:


  • Use strong passwords. Strong, complex passwords are typically at least eight characters in length and include a combination of letters (uppercase and lowercase), numbers, and alpha-numeric characters. Never use your birthday, name, social security, friend’ name, family name, pet’s name, or any other common word or phrase.
  • Change passwords frequently. You should change passwords as frequently as possible. If you have network access for employees, set your passwords to expire at regular intervals.
  • Use unique passwords. Never use the same password for multiple accounts; this is particularly important for your most coveted accounts, like your online bank account.
  • Use a password generator. Password generators create highly secure, random passwords that are extremely hard to crack, let alone guess.
  • Don’t use default passwords. Many websites provide you with a default password when you initial register or sign up. Make sure you change your default password immediately.
  • Test your password safety. Microsoft has a handy password safety checker.
  • Provide password protection. Passwords should not be shared or kept in a non-secure location. If possible, lost passwords should never be able to be retrieved through non-secure email communication, without having additional security measures in place.
  • Use account lockout security. After a user attempts to log on unsuccessful after a certain number of attempts, one of the password creation best practices security measures is to lock out the user.
  • Disallow frequent reuse of a password. Users should not be able to use the same password multiple times in a row. For example, systems should have a configuration that requires a password to be different than the last five passwords used.

Password protection best practices can be challenging, if only because of the sheer number of passwords we have today. But passwords are still the most common proof of identity and authentication used by websites and computer systems today. Remember, cyber criminals have a toolbox of sophisticated tools that can quickly decipher weak passwords, so make sure your practice good password protection.