3 Steps to a more secure password

There’s a lot of talk around cybersecurity lately with all the recent data breaches and it doesn’t look to be slowing down in 2019. Big headlines, millions of passwords leaked! but you know what’s missing? some basic advice for small business’ about how to keep your IT systems secure.

In this post, I’m going to tell you about 3 simple tips that you should implement today to create a secure password for yourself and something you can share with your family and friends. If you missed my first post on Cybersecurity Awareness and 2FA you can access it herehttps://gkm2.co/2AQS3Xh

Step 1:

Think passphrase instead of a password. A passphrase is a series of words instead of a traditional password.

Here’s an example of a passphrase “ParramattaEelsAreTheBestNRLTeam#1”

This is much easier to remember than something like “$@d32vpa” and guess what? it’s more secure. The reason for this is due to the length of the password. 

A lot of hackers out there use brute force methods of attacking.  In this method, they run software to guess the password, however the longer the password, the more time it takes to detect. Having a passphrase with multiple words combined takes years to crack instead of a few hours.  

Step 2:

You’ve probably been told to change your password on a regular basis. This is often preached as good practice, but research has shown that this is not the case.

The reason for this is due to users just changing part of the password when asked on a regular basis that they must change it. This often turns out to be changing the last few characters or incrementing a number at the end. 

The other reason frequent password changes should be avoided is you tend to forget new passwords sooner and that leads to users writing down their password on a post-it note or similar. How many of you store passwords on a posted note and stick it to your monitor?

It is however best practice is to ask employees to change their password immediately in the case of a potential threat or compromise.

Step 3

 If budget permits, use a Password Manager. This is a piece of software that serves the following purposes listed as follows;

  • It will help generate a very complex password (16 characters or more with complex symbols, letters and numbers). It will even do pass phrases :)
  • It’s always best practice to have a different password for each cloud service you use. This tool will assist in generating a new unique password each time. It will also usually tell you if you have duplicate passwords for different sites in it’s database and flag them for your review.
  • Passwords are encrypted and you only need to remember one “master” password which you should make quite strong.
  • Passwords are typically synchronised across devices so you would have the Password Manager App/Extension installed on all your devices including your mobile device.
  • Usernames and Passwords are automatically filled out for you when browsing to a site in which you have the password stored.

Some example of Password Managers that you can look at in no particular order include; 1Password, Dashlane, LastPass and RoboForm. There are many more out there so do your research before settling on one.


Here is my last bonus piece of information that you can take away. As I mentioned in the first paragraph, many large corporations such as Marriott Hotels have reported a security breach in the last 6 months and there have been many more. We are talking millions of personal details including usernames/email addresses and passwords that have been stolen, and guess what? Your name may be on the list.

You can check to see if your personal or business account has been hacked by using this free tool: have i been pwned

This tool checks your company email address or personal address against a database of information that is actively being sold for profit on the dark web. 

If you have had an account breached or would like to secure your IT systems, then please click here to get in contact with us.

Don’t forget to download your 2019 Small Business IT Security Blueprint.