Password Best Practices – How to Create A Strong Password: Module 3 | EasyDMARC


A strong password is a good step forward in protecting your personal and business information. Ensuring that your organization has the best password practices and enforcing them is essential for the protection of each employee and overall security.

This article combines a few helpful tips to create a strong and unique password and secure your personal and work accounts. So, consider this a quick guide on defending yourself from intruders and imposters.

1. Create a Strong Password 

The strength of a password is a combination of its length, randomness, and character combinations. Security experts suggest making passwords at least 12 characters long. However, one containing eight characters is also an excellent start.

One of the most secure password best practices is using a collection of random words sprinkled with uppercase letters, numbers, and symbols. You can pick a line from a song to make it fun and easier to remember. Statistically, it’s super hard to guess.
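The random-word approach described above can be generated and measured in a few lines. This is an added example, not EasyDMARC code; the word list, symbol set, and function names are constructed for illustration. It goes slightly beyond the text by comparing the result with fully random 8- and 12-character passwords.

```python
import math
import secrets
import string

# Constructed sample list for the demo only; a real generator should load a
# list of several thousand words, because entropy depends on the list size.
WORDS = ["anchor", "breeze", "candle", "dragon", "ember", "forest", "glacier",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pebble"]
SYMBOLS = "!@#$%&*?"  # assumed symbol set (8 characters)


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is chosen uniformly at random."""
    return picks * math.log2(pool_size)


def make_passphrase(words=WORDS, count=5, sep="-") -> str:
    """Random words, one of them capitalised, followed by a digit and a symbol."""
    chosen = [secrets.choice(words) for _ in range(count)]  # CSPRNG, not random
    i = secrets.randbelow(count)
    chosen[i] = chosen[i].capitalize()
    return sep.join(chosen) + secrets.choice(string.digits) + secrets.choice(SYMBOLS)


def passphrase_entropy(list_size: int, count: int) -> float:
    """Entropy of make_passphrase(): words + capital position + digit + symbol."""
    return (entropy_bits(list_size, count) + math.log2(count)
            + math.log2(10) + math.log2(len(SYMBOLS)))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase())
    # 94 = printable ASCII characters excluding the space
    print(f"8 random printable chars : {entropy_bits(94, 8):.1f} bits")
    print(f"12 random printable chars: {entropy_bits(94, 12):.1f} bits")
    for size in (len(WORDS), 7776):
        print(f"5 words, {size}-word list : {passphrase_entropy(size, 5):.1f} bits")
```

The numbers only hold when every word is picked by a random generator; a phrase chosen by a person has far less entropy than the formula suggests.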

2. Never Use Personal Information to Build a Password

Avoid using your or your children’s names, nicknames, street name, any memorable dates, or publicly available information. Also, best password practices never include common and easy-to-guess words or phrases such as “password”.

3. Don’t Reuse Your Passwords

This is one of the worst mistakes people make. Best password practices forbid reusing passwords, especially weak ones. This approach puts you at risk of losing more than one login credential. Losing access to a few work-related accounts might put your organization at risk of an impersonation attack with larger BEC implications.

You might think that choosing a “root” password and adding various characters is a good solution, but it’s not. While it makes the password harder to guess, it’s still a time bomb ready to explode.

5. Activate Two- or Multifactor Authentication

Password policy best practices for organizations always call for integrating multifactor authentication where possible. Two-factor authentication is the light version, but it still makes “breaking and entering” harder (sometimes even impossible). Even if a hacker uncovers the main password, the second and third authentication mechanisms are harder to obtain.

More Password Creation Best Practices

  1. Don’t write your password on a piece of paper and put it in a visible place
  2. Never share your password with anyone, even if it’s a matter of urgency
  3. Avoid giving out personal information even on security questions

Bonus Tip: How to Remember Difficult Passwords

Password policy best practices in organizations should enforce the use of password managers. However, not all employees use them, which creates the need to memorize strong passwords. If you don’t use a password manager, we recommend making a password that has a vivid association with something you remember well.

You can make an acronym of an easy-to-remember phrase and insert symbols, glyphs, and numbers for enhanced security.


This is the third module on protecting your devices from cyberattacks.

Various authors from EasyDMARC teams have contributed to our blog during the company's lifetime. This author brings everyone together.

