Nine Rules For Strong Password Creation


Do your employees know how to create a strong password? Is authentication management a priority at your company?

If you’re answering no to either question, you could be placing your organization at serious risk. Why? Because guessing employee logins is one of the key ways hackers try to get into your organization. It’s one of the things they try first before they graduate to more complicated schemes like phishing or link baiting. The reason is obvious. An employee login is like a golden ticket giving cybercriminals full access to anything they’d like in your network—admin codes, customer data, competitive information, and a whole lot more.

Here’s how easily a hacker can implement one of these scams. Imagine, for a moment, that a hacker has obtained an employee email address off your website, or through a mailing list, or through some kind of hack. All they have to do is find the link to your employee log-in page. If that employee has an easily guessed password like “password” or “myname123,” a hacker can literally walk right through the front door of your network, completely undetected.

Password management is simply job #1 for your company, your IT department, and your employees, every day.


Password Rules: A Few Simple Standards

Fortunately, password rules are simple and easy to teach. It’s so simple, in fact, that our nine rules are actually an acronym—GET STRONG.

– GET RID OF LOGINS WRITTEN ON PAPER. Lost or misplaced sticky notes are a boon to thieves.
– ESCAPE COMPLEXITY Even though the password rules may be complicated, try to create them so they are easily remembered.
– TEACH EMPLOYEES Make sure all employees know and follow password rules and requirements.
– SIZE MATTERS Longer passwords are harder to hack, so all passwords should be a minimum of 8 characters. System passwords should be between 12 and 50 characters in length.
– TRUST NO ONE Add authentication processes to logins, such as Google Authenticator, Duo, RADIUS tokens, or other 2-factor options.
– ROTATE OFTEN Users should change their passwords every 90-180 days.
– OMIT DUPLICATES Never use the same password across multiple applications, systems and accounts.
– NO CHEATING  Disable password hints.
G – GET A VAULT Store passwords in secure, encryption.-enabled vaults such as 1Password.


More Resources on Authentications and Cybersecurity

Passwords are a fact of life for most modern companies—a necessary evil we all must deal with at one time or another to keep our systems safe. But did you know the future lies in more hardened and mature ways of handling authentication? More companies are moving to multi-factor authentication, which combines your login with a secondary login on your phone. Download our free Multi-factor authentication guide, if you’d like to learn more. And as always, if you’re interested in installing a multi-factor, zero-trust authentication system at your company that adheres to all regulatory standards, we’d love to help you! Contact us today for a free consultation!

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as,, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

The Password is Dead: Introducing MFA

The Password is Dead: Introducing MFA

As luck would have it, “password12345” just isn’t cutting it for account security anymore. The password is dead: more and more headlines are using this phrase to describe severe security issues with the average password. It’s true that bigger and bolder hacks have...

Zero-Trust Architecture: What is it and why should you care?

Zero-Trust Architecture: What is it and why should you care?

If you're like most people, the thought of your sensitive business data being stolen by some creep (that probably spends their entire day in pajama pants covered in Cheeto crumbs) is both infuriating and panic-inducing. You've got two choices: 1. You can either go to...

Why Multifactor Authentication is Way Better Than Passwords

Why Multifactor Authentication is Way Better Than Passwords

Time hasn’t been kind to the password. It’s continuously put down as one of the least secure methods of protecting systems. It’s not due to any fault of the password, though. People just have a hard time remembering long and complex passwords. And considering what's...