Choosing Secure Passwords

Curtis Glassen Helpdesk Tech Tips

Everything requires a password today. Passwords can become a huge nuisance to keep track of, especially if your IT systems enforce password policies. However, within small and medium-sized businesses, passwords are often the only thing that separates IT systems and data from the outside world. Because of this, it’s crucial that these passwords are adequate. Here are a few quick tips on how to choose your passwords.

Length:

Passwords should be a minimum of eight characters.

Complexity:

  • Choose passwords that include numbers, capital letters, and symbols. They should be complex and therefore difficult for unauthorized people to guess.
  • Avoid basic combinations that could be easy to crack. For example, while “Pa$$w0rd” seems to be long and complex, it is commonly used and commonly defeated.
  • Try to choose something that only has meaning to you.
  • Avoid dictionary words, common phrases, and even names. Hackers use (electronic) dictionaries to crack passwords.

Age:

Ideally, passwords should be changed every 30 to 60 days. While this has been a point of much debate recently, regularly changing your passwords will minimize your risks from prying eyes, former employees, or more advanced attacks. Avoid changing your passwords incrementally, such as “password1”, “password2” or “January”, “February”, and so on.
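The Length and Complexity tips and the warning about incremental changes, written as a single check. This is an added example, not part of the original article; the blocklist, function names and sample passwords are constructed for illustration. It shows why “Pa$$w0rd” satisfies the character rules and is still rejected.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list of known-bad passwords.
COMMON = {"password", "welcome", "letmein", "qwerty", "january", "february"}

# Reverse common look-alike substitutions so "Pa$$w0rd" is compared as "password".
LEET = str.maketrans({"$": "s", "5": "s", "0": "o", "@": "a", "4": "a",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

def stem(pw):
    """Drop a trailing run of digits/symbols, lower-case, then undo substitutions."""
    core = re.sub(r"[^A-Za-z]+$", "", pw)   # "January2024!" -> "January"
    return core.lower().translate(LEET)     # "Pa$$w0rd"     -> "password"

def check_password(new, previous=None):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(new) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", new):
        problems.append("no number")
    if not re.search(r"[A-Z]", new):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", new):
        problems.append("no symbol")
    # Complexity rules alone are not enough: compare the de-obfuscated stem to the blocklist.
    if stem(new) in COMMON:
        problems.append("common password in disguise")
    # "Summer#1" -> "Summer#2" style changes share the same stem.
    if previous is not None and stem(new) and stem(new) == stem(previous):
        problems.append("incremental change of previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, prev in [("Pa$$w0rd", None), ("Tiger#Lamp2", "Tiger#Lamp1"),
                            ("vR7#qLm2xT!e", None)]:
        print(candidate, "->", check_password(candidate, prev) or "OK")
```
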

Don’t Re-use:

Make sure you do not use the same password across multiple platforms. If one platform is compromised, all other platforms with the same password become vulnerable.

Storing your password:

Lists of regularly changing passwords should not be recorded in computer docs, sent via email, or jotted down on a sticky note near your station. Instead, try using a password manager.

Email:

Email is one of the most important accounts to secure. Systems usually allow users to reset their passwords by means of a “forgot your password” option. This option typically sends a password reset link via email. This means that if someone were to gain access to your email, any system with this option could be accessed by the attacker.

Mobile Devices:

Mobile devices often store saved passwords, sensitive information, and email access. It’s critical that you use a password to secure your mobile devices (phones, tablets, etc.). Additional safeguards, like password policy enforcement, lost device tracking, and remote erase/wipe can be accomplished with our Mobile Device Management.

Conclusion:

Overall, the process can be a bit of a nuisance but is crucial to do correctly. The risks are far too great to skimp on passwords. Your company should have an enforced password policy in place. In the event that a password is forgotten, our support team can easily reset it for you.

For a more in-depth look at your IT security, check out our guide: Is Your IT Security up to Par?

Not a Managed IT Services client yet? Check out our guide: Are Managed IT Support and Services Right for You?