How to Make Strong Passwords: 12 Tips for 2024 [UPDATED]
Editor's note: This post was originally published on September 12, 2023 and has been revised for clarity and comprehensiveness.
Creating strong passwords is time-consuming. It's easier to use simple and predictable passwords, but unfortunately, hackers also have an easier time cracking them.
So, in this article, we’ll present multiple tools and strategies for creating stronger passwords for your entire organization.
As a Managed Security Services Provider (MSSP) for over 20 years, Intelligent Technical Solutions (ITS) has used these strategies to help businesses improve their cybersecurity, and these tips are all tried, tested, and proven.
By the end of the article, you’ll have the information you need to help create hard-to-crack passwords and protect your online identity from potential threats:
1. Use a Password Manager
Using a reliable password manager is the number one tip for creating and managing secure passwords. It streamlines the entire process, as most password managers have a secure database, 2FA support, password randomizer tools, and insight into your password strength.
The need to keep track of every account often causes people to resort to one weak password, but with a password manager, you won’t have to remember each password.
You’ll also have an easier time organizing accounts and accessing passwords across multiple platforms.
2. Always Include Letters, Numbers, and Symbols
When creating passwords without using a password manager, always incorporate a mix of upper- and lower-case letters, numbers, and special characters such as !@#$%^&*()_+.
While the NIST password guidelines do not necessarily require special characters, it’s still generally a good practice to include them. You’ll just need to be careful and stop yourself from using repetitive passwords with only one or two special characters thrown in.
3. Avoid Using Common Words or Phrases
Hackers can use dictionary attacks to guess passwords, so avoid using common words or phrases like "password" or "1234".
It’s easier than ever for hackers to brute-force common passwords, giving them access to the information linked to the account, such as credit card details, personal emails, and contact information.
4. Use Longer Passwords and Passphrases
The longer your password, the more difficult it is to crack. Aim for at least 12 characters (16 is much better).
Also, consider using passphrases instead of passwords. A passphrase combines random words that are easy to remember but difficult for others to guess, like “Do or do not, there is no try,” which can then be condensed into a passphrase like “dodnt!n0try.”
5. Use a Unique Password for Each Account
Using the same password for multiple accounts is a significant security risk. To protect yourself from cyber-attacks, you should always use a unique password for each account.
It might seem unnecessary, especially if your default password is already complicated, but unique passwords ensure hackers can’t access multiple accounts if one password is compromised.
Depending on your industry, you might even be legally required to use different passwords. It’s a recommended best practice for online security and is part of the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
6. Create an Organization-wide Password Blacklist
A password blacklist is a list of words or phrases commonly used in passwords. Organizations leverage these blacklists to prevent users from creating weak passwords, which could put their accounts and personal information at risk.
These blacklists are highly beneficial because they can be incorporated into an organization-wide password policy. This promotes better overall security, consistent password policies, and compliance with IT best practices.
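Tips 2, 3, 4 and 6 combined into one policy check: minimum length, character mix, repeated patterns, and an organization-wide blacklist that still catches a blacklisted word when it is hidden behind common substitutions. This is an added example, not code from the article or from ITS; the blacklist and the tested passwords are constructed.

```python
import re

# Constructed sample blacklist: a real organization-wide list would be far longer and
# include company and product names, local sports teams and previously breached passwords.
BLACKLIST = {"password", "welcome", "letmein", "qwerty", "admin", "summer2024", "acmecorp"}

# Undo common substitutions that add no real strength ("p@ssw0rd" is still "password").
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # the article's floor (16 is its recommended target)


def normalize(password: str) -> str:
    """Lower-case and de-leet a password so blacklist lookups catch obvious variants."""
    return password.lower().translate(LEET_MAP)


def contains_blacklisted(password: str, blacklist=BLACKLIST):
    """Return the blacklisted word found inside the normalized password, or None."""
    norm = normalize(password)
    for word in blacklist:
        # Normalize the blacklist entry too, so entries like "summer2024" still match.
        if normalize(word) in norm:
            return word
    return None


def check_password(password: str, blacklist=BLACKLIST) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Tip 2: upper- and lower-case letters, digits and symbols should all be present
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing one of: lower-case, upper-case, digit, symbol")
    # Tip 2 again: a short chunk repeated three or more times adds length, not strength
    if re.search(r"(.+?)\1{2,}", password):
        problems.append("contains a repeated pattern")
    # Tips 3 and 6: reject anything built around a common or blacklisted word
    hit = contains_blacklisted(password, blacklist)
    if hit is not None:
        problems.append(f"contains blacklisted word '{hit}'")
    return problems
```

Run against the user's proposed password at account creation or password change; an empty list means it clears every rule, and the list itself gives the user a specific reason for each rejection.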
7. Keep All Passwords Private
This rule may seem like a no-brainer, but you’d be surprised how many organizations fail to follow it.
Password sharing often happens when team members want to save money on accounts and give others access to the same service. But it results in a glaring security vulnerability.
To mitigate this risk, make full use of password managers. They often have features that make password sharing safer, such as sending credentials to other registered users without ever revealing the password.
There are also options to sign in via QR codes that bypass the need for passwords altogether.
However, despite current tools that make password sharing seem more secure, it’s still a best practice to never share passwords with colleagues, staff, family, and friends.
8. Plan Out Secure Password Recovery Protocols
Accidents happen – people make mistakes. Sometimes, we forget or lose passwords, and part of creating strong passwords is ensuring you can keep making strong passwords securely.
When creating your password recovery protocols, make sure you:
- Have a list of accounts
- Always authenticate identity and never provide password hints
- Establish clear recovery procedures
- Have encrypted back-end databases
These simple preparation steps will quickly reduce downtime costs whenever someone forgets their password and keep you up to date with government IT regulations.
Your helpdesk will also thank you since end-users will have an overall better experience, reducing IT noise and lessening the number of stressed-out staff your IT team needs to face.
9. Immediately Change Compromised Passwords
Whenever you hear of a security breach, immediately change your passwords in the compromised accounts.
It’s all too easy to let it slide to the bottom of our priorities. But when we put it on the back burner, we open ourselves up to a higher chance of a security breach.
Also, if you’re under regulatory bodies that require regular password changes, consider using tooling to enforce password expiry and rotation.
10. Enforce Lock-out Policies
Set account lock-out policies to prevent brute force attempts to compromise a password. In your policies, trigger an account lock-out of at least 30 minutes after 5 failed attempts in a 10-minute period.
Putting this rule in place helps stop brute-force attacks from bad-faith actors.
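The lock-out rule above (5 failed attempts within a 10-minute window triggers a 30-minute lock) as a sliding-window tracker. This is an added example, not code from the article or from ITS; the account names are constructed, and timestamps are passed in explicitly so the behaviour can be checked without waiting.

```python
import time
from collections import defaultdict, deque

FAILURE_THRESHOLD = 5        # failed attempts ...
FAILURE_WINDOW = 10 * 60     # ... within this many seconds (10 minutes) ...
LOCKOUT_DURATION = 30 * 60   # ... lock the account for this long (30 minutes)


class LockoutPolicy:
    """Sliding-window account lockout matching the article's 5-in-10-minutes rule."""

    def __init__(self, threshold=FAILURE_THRESHOLD, window=FAILURE_WINDOW,
                 duration=LOCKOUT_DURATION):
        self.threshold, self.window, self.duration = threshold, window, duration
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> unlock timestamp

    def is_locked(self, account, now=None):
        now = time.time() if now is None else now
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Lockout has expired: clear it and start counting from zero again.
            del self.locked_until[account]
            self.failures[account].clear()
            return False
        return True

    def record_failure(self, account, now=None):
        """Record a failed login. Returns True if the account is (now) locked."""
        now = time.time() if now is None else now
        if self.is_locked(account, now):
            return True  # attempts during a lockout neither count nor extend it
        q = self.failures[account]
        q.append(now)
        while q and now - q[0] > self.window:  # forget failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.locked_until[account] = now + self.duration
            q.clear()
            return True
        return False

    def record_success(self, account):
        """A successful login resets the failure counter for that account."""
        self.failures[account].clear()
```

Five failures spread more than ten minutes apart never trip the lock, which is the difference between the window and the lockout duration that the policy wording leaves implicit.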
11. Enable Multi-factor Authentication (MFA)
Creating strong passwords involves implementing multiple layers of security. Never rely solely on passwords to keep you safe. Enable MFA on every system that supports it.
12. Utilize Single Sign On (SSO)
If you have the option to use SSO, use it. It bypasses the need for a password and helps lessen the number of independent account identity stores.
It also greatly smooths the log-in process and simplifies your team’s onboarding and offboarding.
Ready to Make Strong Passwords for Your Organization?
We can’t deny it’s harder than ever to protect your information. But with a few tricks, you can increase your password security and make it harder for cybercriminals to hack your organization.
Remember to use a unique password for each account, avoid common passwords and patterns, and use a password manager to store your passwords securely.
Additionally, implementing an organization-wide password blacklist and planning out secure password recovery protocols can further enhance your password security.
With these best practices, you can rest assured that your online accounts are well-protected and secure.
But as an MSSP, ITS knows cybersecurity doesn’t end with stronger passwords. Here are more resources you can read to improve your network’s security:
- Ways to Protect Your Business Amidst Alarming Rise in Password Attacks
- eBook: 3 Types of Cyber Security Solutions Your Business Must Have
If you want a personalized analysis of your organization’s cybersecurity gaps, get a FREE cybersecurity assessment from our team.