Best Password Practices for 2020 – How To Protect Your Account!

by | Jun 10, 2020 | Cybercrime

We’ve had a lot of questions recently about cybersecurity and changing passwords, so we thought it would be a good idea to put some information together about the best practices for protecting passwords for your business.

People often think that they’re great at passwords, but this is very rarely the case. We’ve found that most of the time, when presented with two passwords and asked which is the “stronger” choice, most people actually get the wrong answer! I think this speaks volumes about how comfortable we are with passwords, when really, we should not be at all.

Your password is the key to your life. There are more malicious people than ever, and they’re using incredibly smart, AI-driven tools. You need to know how to protect yourself, and using a solid system to create the best password possible is vitally important. First, let’s take a look at some common trends in passwords that make a hacker’s job nice and easy.


Password Patterns (Avoid These):

  • 77% of passwords that contain a single digit place it at the end. 10% of the time, an appended digit will be a “1”. If the password has capitals, 15% of the time it will be a “1”. Adding a 1 to the end of your password has become effectively meaningless for your security!
  • 35% of passwords requiring a capital letter will capitalize the first letter.
  • 61% of passwords are the exact length of the minimum length set in the password policy.


Things to Keep in Mind When Creating a Password:

  • Length is more important than complexity. This does not mean complexity is not important, just that length is more important. Shoot for length first, then complexity.
  • Avoid common substitutions, as they are baked into password cracking rule-sets. Common substitutions include: a = @, i = !, s = $, etc. Same with adding a 1 to the end of your password and capitalizing the first character. These are common patterns, and are well-known to crackers.
  • Instead of thinking “password”, think “passphrase”. A single dictionary word is extremely bad. Four to five random dictionary words, perhaps separated by spaces or special characters, is robust. The benefit of a passphrase is that it is easier for you to generate entropy while still remembering your key. Generating entropy through randomized characters is hard, and results in a hard-to-remember password, meaning you will likely end up with less entropy.
  • Avoid “password walking”. This is using a password with adjacent keyboard characters (e.g. “qwerty”, “1q2w3e4r”, “1qaz2wsx”, etc.)
  • You should be using a different password for every website. At the very least, your e-mail password should be extremely strong and unique. If someone gets into your e-mail, they can simply reset every other password connected to that e-mail, regardless of how strong they are. Password re-use attacks are common. I cannot overstate the importance of this one tip.
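
As an added example (not part of the original post), here is a small Python check that flags the predictable patterns listed above when a password is being chosen: an appended digit, a lone leading capital, a length equal to the policy minimum, keyboard walks, and common substitutions over a dictionary word. The function names, the keyboard rows and the tiny wordlist are constructed for illustration.

```python
import re

# Substitutions the post names (a=@, i=!, s=$), reversed so "p@$$word" -> "password".
LEET = str.maketrans({"@": "a", "!": "i", "$": "s"})
# Keyboard walks quoted in the post, plus keyboard rows (constructed) to catch other runs.
WALKS = ("qwerty", "1q2w3e4r", "1qaz2wsx")
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Tiny constructed wordlist; a real audit would load a full dictionary.
WORDS = {"password", "welcome", "summer", "dragon", "monkey"}


def has_walk(pw, run=4):
    """True if pw contains a quoted walk or `run` adjacent keys from one row."""
    low = pw.lower()
    if any(w in low for w in WALKS):
        return True
    for row in ROWS:
        for seq in (row, row[::-1]):  # check left-to-right and right-to-left
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def weak_patterns(pw, min_length=8):
    """Return the list of predictable patterns found in a candidate password."""
    found = []
    if re.fullmatch(r"\D+\d", pw):  # exactly one digit, and it is the last character
        found.append("single digit appended" + (" (it is a 1)" if pw[-1] == "1" else ""))
    if pw[:1].isupper() and not any(c.isupper() for c in pw[1:]):
        found.append("only the first letter is capitalized")
    if len(pw) == min_length:
        found.append("length is exactly the policy minimum")
    if has_walk(pw):
        found.append("keyboard walk")
    # Undo the substitutions, drop everything but letters, then look the core up.
    core = re.sub(r"[^a-z]", "", pw.translate(LEET).lower())
    if core in WORDS:
        label = "common substitutions over" if any(c in pw for c in "@!$") else "built on"
        found.append(f"{label} a single dictionary word")
    return found
```

A password such as `P@$$word1` under a nine-character minimum trips four of these checks at once, while a passphrase of four unrelated words returns an empty list.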

And finally, here’s a really useful tip from popular internet webcomic xkcd:

