
12 Best Password Practices for World Password Day 2022

Posted 5th May 2022

As the business world modernises, operating a successful business without using technology is practically impossible. While innovative technical solutions are facilitating many advantages in increasingly competitive markets, there are also some significant difficulties and vulnerabilities that can arise. As a result, cyber security has become increasingly important in recent years.

If you’re looking to ramp up your cyber security, password protection is the ideal starting point. Password protection is the act of setting a password to secure an entity’s data. Only those users with the correct passwords can access sensitive information or accounts once data has been password protected. However, as passwords have become so frequently used in both our business and personal lives, many people tend to underestimate their significance or make careless mistakes, which could result in security breaches.

Therefore, it is essential that businesses devise effective strategies to educate their employees about the best practices of password use.

6 Password “Don’ts”

If you want to protect the confidentiality of your passwords, there are six actions you should never take.

1. Don’t write down your passwords physically
Writing down your passwords may seem to ensure that you will not forget them while making it more difficult for cyber criminals to steal them online, but it opens an opportunity for someone to steal your passwords locally.

2. Don’t save passwords to your browser
Web browsers are not a safe place to save any sensitive information, including passwords and credit card numbers. They can easily be compromised by a wide range of malware, software and browser extensions, meaning that confidential data can be extracted from them.

3. Don’t iterate your password
Iterating your password involves changing it very slightly for different accounts – for example, NewCMI1 to NewCMI2. While many users think this will increase their password security, it is actually unlikely to protect against more sophisticated cyber threats. As the cyber security landscape has evolved, hackers have become more advanced and can now track iterated passwords quickly and easily.

4. Don’t use the same password across multiple accounts
If you do, in the unfortunate eventuality that one of your accounts is compromised, you are giving cyber criminals a golden ticket to gain access to all your other accounts.

5. Don’t capitalise the first letter of your password
When faced with the ‘one capitalised letter’ requirement, many of us tend to automatically capitalise the first letter of our passwords. While this might seem convenient, hackers are aware of this trend and so it makes it far easier for them to guess where the capitalised letter is positioned in your password.

6. Don’t use “!” to conform with the symbol requirement
When setting a new password, often users are required to include a special character or symbol. Unfortunately, the exclamation mark is the most commonly used symbol, making it the least secure. If you must include it in your password, ensure that you do not place it at the end as this is most obvious. Positioning it anywhere else in the sequence will make your password far more secure.


6 Password “Do’s”

If you want to increase your password protection, these six actions are definite ‘do’s’!

1. Increase the complexity of your passwords
Ideally, your passwords should be long and phrase-based, and you should exchange letters for numbers and symbols. For example, if you wanted the password ‘BCN’, you should write it as ‘BC8’. This makes it far harder for cyber criminals to crack your password.

2. Change important passwords every three months
If you use a password for a long period of time, hackers are given more time to crack it. For passwords protecting confidential information, the consequences of data compromise would be severe. Therefore, you should ensure that you change your critical passwords every three months.

3. Change non-critical passwords every six months
In order to do this, you must establish which passwords are critical and which are not. However, whether or not a password is deemed critical, changing them regularly is good practice to ensure they are not compromised over time.

4. Implement multifactor authentication
Introducing multiple layers of authentication, including passwords, keys and biometric data, is an excellent way to block cyber criminals from accessing sensitive data.

5. Increase the length of your passwords
You should always use passwords that are longer than eight characters and include letters, numbers and special characters (symbols). This makes it more complicated for hackers, and therefore harder for them to crack.

6. Use a password manager
A password manager is software that securely stores, manages and generates passwords. This relieves the burden of remembering lots of complicated passwords and frees up time to focus on more important and productive tasks.
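
Several of the rules in the two lists above can be checked automatically when a user sets a new password. The following is an added example, not part of the original article: a small Python check that flags iterated passwords, a capital letter only in first position, a lone trailing “!” and passwords of eight characters or fewer. The function names and finding labels are hypothetical.

```python
import re

def strip_counter(pw):
    """Drop trailing digits and case so 'NewCMI1' and 'NewCMI2' compare equal."""
    return re.sub(r"\d+$", "", pw).lower()

def audit_password(new, current=""):
    """Return the labels of the article's rules that `new` breaks.

    `current` is the password typed into the same change form, so the
    comparison never needs a stored plaintext copy.
    """
    findings = []
    if len(new) <= 8:  # the article asks for more than eight characters
        findings.append("too-short")
    if current and new == current:
        findings.append("unchanged")
    elif current and strip_counter(new) == strip_counter(current):
        findings.append("iterated")  # only the trailing number changed
    uppers = [i for i, c in enumerate(new) if c.isupper()]
    if uppers == [0]:
        findings.append("capital-first-only")
    symbols = [i for i, c in enumerate(new) if not c.isalnum()]
    if symbols == [len(new) - 1] and new[-1] == "!":
        findings.append("trailing-bang")  # the only symbol is a final "!"
    return findings

if __name__ == "__main__":
    # Constructed sample inputs: (proposed password, current password)
    samples = [
        ("NewCMI2", "NewCMI1"),
        ("Sunshine2022!", ""),
        ("river!Stone-42-lantern", ""),
    ]
    for new, cur in samples:
        print(new, audit_password(new, cur))
```

Reuse across different accounts cannot be detected by a single service this way; that rule is what a password manager’s generated, per-site passwords address.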


Do you need a password manager? We can help.

Adhering to these password best practices requires a significant investment of time, effort and resources on your part. Therefore, it is best to work with cyber security experts like BCN, who can help to ease the burden, enhance your security posture and provide complete peace of mind. Get in touch with our security experts today for a no-obligation consultation.
