We are in an age of unprecedented digital technology and connectivity. As a result, businesses face an ever-increasing risk of cyber-attacks and security breaches. Just glance at the news to see how frequently such incidents occur. These attacks and breaches can be extremely costly and debilitate a business’s vitality and reputation. One of the most commonly exploited areas of a security system is the password. Attacks on passwords can occur physically on-site or through online brute-force attacks.

Consider the following five points to create and maintain a more secure password:

  • Keep it long: The length of a password is much more important than its complexity. A lengthy password takes much longer to crack than a shorter one, even if the short password has complex characters. Experts suggest a minimum length of between 12 and 15 characters. Avoid single words. It may help to use a phrase or sentence to reach a beneficial length.
  • Add some complexity: While length is key, adding complexity to your password (such as uppercase letters, numbers, dashes, spaces, and other special characters) will strengthen it. Complexity adds an additional obstacle for would-be hackers. Hackers look for simple words, phrases, and patterns. As noted above, consider using a pass-phrase instead of a word. This adds to both the complexity of the password and your ability to remember it.
  • Make it unique: Don’t use personal data, general details about your life, or any information that could be reasonably guessed in your passwords. Avoid common words and phrases, such as dictionary words, sequential letters or numbers, the word “password,” etc. As a general rule, stay away from commonly used passwords.
  • Switch it up: Don’t use the same password for every account/login point. If you use multiple passwords, make sure your passwords are sufficiently different from each other. While there is debate as to how often you should change a password (especially in the case of a strong/complex password), consider changing it periodically, or as directed by your IT manager. Consider changing it if you suspect that your password is compromised, if you use the same password on multiple accounts, if you use a shared password, if your password seems weak, or if you just feel it’s time to change it.
  • Store it securely: Consider using a password manager program or app to store or manage your passwords—especially if you use multiple or complex passwords. Avoid writing down your passwords. For an extra layer of security, you might also look for multi-factor authentication.
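
The first three points above can be turned into a small self-check. The following Python sketch is an added example, not part of the original post: it estimates the brute-force search space to show why length outweighs complexity, then flags short, letters-only, common, sequential, or personal-data passwords. The function names, the five-entry denylist, and the sample passwords are constructed for illustration, and the 12-character minimum is the lower bound of the range suggested above.

```python
import math
import string

# Constructed sample denylist; a real check would load a large list of known-breached passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12  # lower bound of the 12 to 15 character range suggested above


def search_space_bits(password):
    """Upper bound on blind brute-force effort, in bits: length * log2(alphabet size)."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    alphabet = sum(len(p) for p in pools if any(c in p for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        alphabet += 33  # any other character counts as the punctuation-plus-space pool
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def has_sequence(password, run=4):
    """True if `run` consecutive characters ascend or descend by one (abcd, 4321)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def audit(password, personal=()):
    """Return the list of checks (taken from the points above) that the password fails."""
    lowered = password.lower()
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    if password.isalpha():
        issues.append("letters only")  # no spaces, digits or symbols: likely a single word
    if any(word in lowered for word in COMMON):
        issues.append("common password")
    if has_sequence(password):
        issues.append("sequential characters")
    if any(p and p.lower() in lowered for p in personal):
        issues.append("personal data")
    return issues
```

The bit estimate only describes exhaustive guessing; a password that fails the denylist or sequence check is found far sooner than its length suggests, which is why both kinds of check appear together.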

Creating a strong password is just the start of securing your information against data intrusions and cyber-attacks. Depending on the needs of your organization, you should implement sound data protection procedures and policies as part of your information governance program to better protect yourself and your business.


Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

Author: Jared Walker, JD

Senior Research Analyst, Team Lead / Licensed Attorney