Best Password Practices for 2020 – How To Protect Your Account!

by | Jun 10, 2020 | Cybercrime


We’ve had a lot of questions recently about cybersecurity and changing passwords, so we thought it would be a good idea to put some information together about the best practices for protecting passwords for your business.

People often think that they’re great at passwords, but this is very rarely the case. We’ve found that, when presented with two passwords and asked which is the “stronger” choice, most people actually get the wrong answer! I think this speaks volumes about how comfortable we are with passwords, when really, we should not be at all.

Your password is the key to your life. There are more malicious people than ever, and they’re using incredibly smart, AI-driven tools. You need to know how to protect yourself, and using a solid system to create the best password possible is vitally important. First, let’s take a look at some common trends in passwords that make a hacker’s job nice and easy.

 

Password Patterns (Avoid These):

  • 77% of passwords that have a single digit add it to the end of their password. 10% of the time, an appended digit will be a “1”. If the password has capitals, 15% of the time it will be a “1”. Adding a 1 to the end of your password has become effectively meaningless for your security!
  • 35% of passwords requiring a capital letter will capitalize the first letter.
  • 61% of passwords are the exact length of the minimum length set in the password policy.

 

Things to Keep in Mind When Creating a Password:

  • Length is more important than complexity. This does not mean complexity is not important, just that length is more important. Shoot for length first, then complexity.
  • Avoid common substitutions, as they are baked into password cracking rule-sets. Common substitutions include: a = @, i = !, s = $, etc. Same with adding a 1 to the end of your password and capitalizing the first character. These are common patterns, and are well-known to crackers.
  • Instead of thinking “password” think “passphrase”. A single dictionary word is extremely bad. Four to five random dictionary words, perhaps separated by spaces or special characters, are robust. The benefit of a passphrase is that it is easier for you to generate entropy while still remembering your key. Generating entropy through randomized characters is hard, and results in a hard-to-remember password, meaning you will likely end up with less entropy.
  • Avoid “password walking”. This is using a password with adjacent keyboard characters (e.g. “qwerty”, “1q2w3e4r”, “1qaz2wsx”, etc.)
  • You should be using a different password for every website. At the very least, your e-mail password should be extremely strong and unique. If someone gets into your e-mail, they can simply reset every other password connected to that e-mail, regardless of how strong they are. Password re-use attacks are common. I cannot overstate the importance of this one tip.
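The patterns listed above can be checked mechanically when a password is chosen. The following is an added example, not code from the original article: the function name, the labels it returns, the two extra keyboard rows and the small word set are all assumptions made for illustration, and a real check would use a full dictionary or breached-password list.

```python
import re

# Substitutions named in the article (a = @, i = !, s = $), reversed.
LEET = str.maketrans({"@": "a", "!": "i", "$": "s"})
# Walks quoted in the article plus two more keyboard rows (assumed additions).
WALKS = ("qwerty", "1q2w3e4r", "1qaz2wsx", "asdfgh", "zxcvbn")
# Constructed stand-in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "monkey"}


def audit_password(pw, min_length=8):
    """Return labels for the predictable patterns found in pw, in check order."""
    findings = []
    lowered = pw.lower()

    # Sits exactly on the policy minimum.
    if len(pw) == min_length:
        findings.append("exact-minimum-length")

    # One digit only, and it is the last character.
    if sum(c.isdigit() for c in pw) == 1 and pw[-1:].isdigit():
        findings.append("single-trailing-digit")

    # The only capital is the first character.
    if pw[:1].isupper() and sum(c.isupper() for c in pw) == 1:
        findings.append("only-first-letter-capitalized")

    # Adjacent-key sequence anywhere in the password.
    if any(walk in lowered for walk in WALKS):
        findings.append("keyboard-walk")

    # Undo substitutions and drop the decoration; try both orders so a
    # trailing "!" is treated as punctuation as well as a possible "i".
    cores = {
        lowered.translate(LEET).rstrip("0123456789"),
        re.sub(r"[\W\d_]+$", "", lowered).translate(LEET),
    }
    if cores & COMMON_WORDS:
        findings.append("single-dictionary-word")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Summer1", "P@$$word1", "1qaz2wsx", "orbit-lantern-velvet-cactus-plume"):
        print(f"{sample!r}: {audit_password(sample) or 'no listed pattern found'}")
```

An empty result only means none of these specific patterns matched; it says nothing about whether the password is reused elsewhere.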

And finally, here’s a really useful tip from popular internet webcomic xkcd:

 
