Password Strength Best Practices

October 28, 2019 by ACA Aponix

October is National Cyber Security Awareness Month in the U.S. Throughout the month, we will send you tips and best practices on a different cybersecurity topic. Today's topic is Password Strength.

Passwords are the most common method of authentication, but remembering a unique password for each account you have can be a pain. However, it's critical to manage your passwords sensibly to prevent an account breach. Modern hacking tools can cycle through every possible eight-character password containing mixed-case letters, numbers, and symbols in only a few hours. We recommend the following best practices for creating and managing passwords to help protect your accounts from a cyber-attack:

  • Make passwords as long as possible. Some clients we work with require 24 characters. Consider using longer passphrases.
  • Include special characters, not just letters and numbers.
  • Do not use dictionary words, even when combined with a number. Avoid commonly used words like “password” and “welcome.”
  • Do not allow exemptions for password length or expiration, even for senior management and IT administrators.
  • Do not re-use passwords.
  • Do not use your email password for any other account.
  • Enable two-factor authentication whenever possible.
  • Do not store passwords in an easily accessible location, such as a file on your computer or a note on your desk or computer screen. We have seen cases where stolen, unprotected password files from key staff members have resulted in financial losses for firms.
  • Use a password manager application to generate and securely store multiple complex passwords.
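
As an added illustration (not code from ACA Aponix), the sketch below turns several of the rules above into an automated check: minimum length, a special character, no common word padded with digits or symbols, and no reuse of an earlier password. The 24-character minimum is taken from the client requirement mentioned above; the word list, the function names, and the single shared salt are assumptions made to keep the example small.

```python
import hashlib
import hmac
import re

MIN_LENGTH = 24  # assumption: the 24-character requirement mentioned in the list
# Constructed sample list; a real check would load a large dictionary
# or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "summer", "dragon"}


def digest(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so the reuse history never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(candidate: str, history=(), salt: bytes = b"") -> list:
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no_special_character")
    # Strip leading/trailing digits and symbols so "Welcome2019!" is
    # recognised as the dictionary word "welcome" with padding.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", candidate).lower()
    if core in COMMON_WORDS:
        problems.append("dictionary_word")
    # Constant-time comparison against digests of previously used passwords.
    new_digest = digest(candidate, salt)
    if any(hmac.compare_digest(new_digest, old) for old in history):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for sample in ("Welcome2019!", "violet-kettle-orbit-many-rains-42"):
        print(sample, "->", check_password(sample) or "ok")
```

A production system would store a separate random salt with each history entry rather than sharing one.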

If you have any questions about passwords or other cybersecurity measures, please contact us at

For more information about Cyber Security Awareness Month, visit the U.S. Department of Homeland Security website.