How To Create Strong, Complex Passwords to Protect Your Organization

Create Strong Passwords

First, some best practices:

Enable phishing-resistant multifactor authentication (MFA) whenever possible
If you can, use a password manager and protect it with MFA and/or a long password/passphrase
Use a password generator to create truly random passwords with a minimum of 12 characters
If you must create a password, use a passphrase with a minimum of 20 characters
Never share passwords between accounts
Keep your passwords private – never share a password with anyone else
Do not write down your passwords

How to create a strong, complex password

If you must create a password, here's a way to make a strong password that’s very hard to crack. Use one of these two methods:

Create passwords with at least 12 characters that are truly random, ideally using a password generator. Example: R#Yv&ZCAojrX
Think of a random phrase with at least 20 characters that is easy to remember. Example: 2belivingtherockandrolllifeforever

Check the strength of your password

There are a number of online tools you can use to check the strength of your password. While none of them will guarantee an unbreakable password, they are a good double-check. Here is an example from Dashlane. If your password is not strong enough, add some more characters at the end. The example above scores medium, but if you add some numbers at the end, it goes up to strong.

Why this is important - see how easy it is to crack weak passwords

In the video below, Kevin Mitnick shows you the importance of strong passwords, what his recommendations are, and how easy it really is for cybercriminals to crack passwords:

Password management software products

There are good password manager software products on the market today. Some are free; none are very expensive. Using one of these products, you can create truly random, very long, and unique passwords for each site, and because the software will remember them for you, you never have to worry about what your password is. Your password manager will store and encrypt the passwords for you, and log you in automatically. You will have vastly improved security, with only one master password to remember. Use our advice above to create a very strong master password!

Get Your Free Password Security Resource Kit

Password threats leave you open to phishing and social engineering attacks, so we created this free resource kit to help you defend against vulnerabilities. Request your kit now for your free resources from KnowBe4 experts Kevin Mitnick, Chief Hacking Officer, and Roger A. Grimes, Data-Driven Defense Evangelist. Learn about the real risks of weak passwords, why password management is key to building a strong security culture, and our best advice on how to protect your users and your organization.

Here's what you'll get:

Three Password Hacking Demo Videos from Kevin Mitnick, KnowBe4's Chief Hacking Officer

Access to our free on-demand webinar The Good, the Bad and the Truth About Password Managers featuring Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist

Our most popular password whitepaper: What Your Password Policy Should Be E-Book

A Password Best Practices Guide to share with your users

Posters and digital signage to remind users the importance of good password hygiene