Critical Tips for Improving Password Security

Strong password security is the first line of defence against malicious threats. We hear all the time about the importance of strong passwords, and many websites and applications enforce password criteria that make passwords difficult to guess.

However, the actual execution of these recommended practices is often lacking. The trouble usually lies with us when we don’t take care of our passwords or don’t make them difficult enough.

Cyber Criminal Hacking Tricks

Before we look at some techniques to prevent hackers from gaining access to your private information, let’s take a quick look at the most common means that are used to crack the password code and get the “keys to the kingdom.”

  1. Guessing: Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that.
    This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
  2. Dictionary-based attacks: Programs run names and other information against every word in the dictionary.
  3. Brute force attacks: Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
  4. Phishing/Brand-jacking: These scams try to fool you by pretending to be someone you trust, then track your keystrokes in order to steal private information. If the email request looks odd, ignore it and please don’t click on anything.
  5. Shoulder surfing: Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a petrol station (debit card PINs are vulnerable).


Best-Practice Password Security

There is simply no way to guarantee an unbreakable password. If someone wants something badly enough and is smart enough, they can figure out what they need to do to get it. Most are not that patient though, so any deterrents are usually enough to make them give up and find an easier target.

Some best practices include:

  1. Use Multi-factor/Two-factor Authentication when it is available
  2. Make sure password length is at least 8 characters
  3. Don’t use real words
  4. Use both upper and lower case characters
  5. Include numbers and special symbols when allowed
  6. Don’t use personal data
  7. Make patterns random and not sequential or ‘ordered’
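
As an added illustration (not code from Surety IT), the Python sketch below checks a candidate password against items 2 to 7 of the list above. The word list, keyboard rows, substitution table and function names are assumptions made for this example; item 1 (multi-factor authentication) is an account setting and is not checked.

```python
import re

# Constructed sample list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl;", "zxcvbnm", "1234567890"]
# Undo common look-alike substitutions (0 -> o, @ -> a, ...) before word checks.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def has_ordered_run(pw, run=4):
    """True if pw has `run` characters in a row that count up or down
    (abcd, 4321) or sit side by side on a keyboard row (asdf)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, personal=(), words=SAMPLE_WORDS):
    """Return which of the list's items 2-7 the password fails."""
    failures = []
    low = pw.lower()
    plain = low.translate(LEET)
    letters_only = re.sub(r"[^a-z]", "", plain)
    tokens = [p.lower() for p in personal if len(p) >= 3]
    if len(pw) < 8:
        failures.append("length")
    if any(w in letters_only for w in words):
        failures.append("real word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failures.append("mixed case")
    if not (re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw)):
        failures.append("numbers and symbols")
    if any(t in low or t in plain for t in tokens):
        failures.append("personal data")
    if has_ordered_run(pw):
        failures.append("ordered pattern")
    return failures


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "asdfjkl;", "t7#Kq9!vLx2m"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Passing these checks only shows that a password avoids the patterns guessing and dictionary tools try first; it does not make the password unbreakable.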

What else can be done to increase password security? Here are some “do’s” and “don’ts.”

Do:

  1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Of course, it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
  2. Keep corporate and personal passwords separate.
  3. Log off your computer or lock it when you leave it for any period of time.
  4. Use a password manager like Dashlane or Lastpass to store your passwords securely.
  5. Only change a password if there is a concern that it has been compromised.
  6. Protect service accounts and API passwords

Don’t:

  1. Write passwords down or store them in the office.
  2. Store passwords on any device.
  3. Give passwords in emails or IMs.
  4. Give your manager your password.
  5. Discuss passwords with others.
  6. Force regular password changes (this risks users selecting password patterns that are easier to remember, but less secure)
  7. Use remember password function in applications.
  8. Use the “it’s easy to type” rule (like asdfjkl;) since that makes it easier for a lurker to see what you typed.

It’s never too early to start utilising these recommended password security practices and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you from malicious web attacks.

Need Cyber Security Assistance in Your Business?

Surety IT offers expert IT support and IT services for small to medium businesses, including IT Security Strategies and best practice cyber security practice. Contact Surety IT today if you’d like to discuss your


About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.