

Three Tips to Better Password Security

10 November 2015


One of the main security features that keep account information out of the wrong hands is a password. We have passwords for everything: email accounts, social media sites, bank accounts, etc. But what if our passwords are compromised? Once a user’s password is obtained by a hacker, it’s possible to access all of the information within that account. If the same password is used for several accounts, then each could be compromised. To lower your risk of a password breach, here are three tips to better password security.

1. Create Strong Passwords
A good rule of thumb is that if it’s easy for you to remember your password, it will be easy for someone else to guess it. We’re all guilty of using “Password123” for new accounts so that we never have to worry about forgetting the credentials. These types of passwords are easily identified and exploited by unauthorized parties. It is important to create a password that is somewhat random and original (no re-using passwords for multiple accounts). Here are some things to consider:

  • Use special characters
  • Make your password as lengthy as possible (COMPASS recommends 10+ characters)
  • Use both capital and lower case letters

Another great way to ensure your passwords are complex is to use a password generator. You can find sites online that will generate a password at random using credentials you provide. These passwords are difficult to remember, but provide an extra layer of security to your accounts.
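As an added example (not part of the original article), here is a small generator you can run locally instead of relying on a website. It draws from the operating system's secure random source and guarantees the three considerations listed above. The function names and the set of special characters are assumptions chosen for illustration.

```python
import secrets
import string

MIN_LENGTH = 10  # the article's recommended minimum ("10+ characters")
# Constructed set of special characters (an assumption); trim it to what a site accepts.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"


def meets_article_criteria(password: str) -> bool:
    """Return True if the password satisfies the three considerations above."""
    return (
        len(password) >= MIN_LENGTH
        and any(c in SPECIALS for c in password)
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
    )


def generate_password(length: int = 16) -> str:
    """Generate a random password that always meets the criteria above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    # Take one character from each required class so the result can never
    # miss a class, then fill the remainder from the full alphabet.
    chars = [
        secrets.choice(string.ascii_uppercase),
        secrets.choice(string.ascii_lowercase),
        secrets.choice(SPECIALS),
    ]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first three positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())
```

Generate a separate password for each account so that no two accounts share one.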

2. Store Passwords Wisely
Now that you have developed complex passwords for your various accounts, how are you going to remember them? It’s common for users to put their passwords on a post-it, save them in their browser, or keep a list of passwords at their desk. None of these are recommended ways to store your passwords. For a funny reminder of this, here’s a brief clip from Ellen DeGeneres.


While the above clip is comical, it shows how many of us get into the habit of writing our passwords down where someone could easily access them. If it’s not possible to remember your passwords, there are various password storage applications that you can download on your phone. It’s important to select an application that is password encrypted. This will require you to remember one password (the one to the application) and then you’ll gain access to all of your passwords.

3. Frequently Change Your Passwords
Even with a strong password, it’s possible that a hacker could identify your credentials and gain access to your account. This is why frequently changing your password is a critical part of password security. Many platforms automatically require password resets every month, quarter, year, etc. For the ones that do not, COMPASS recommends manually changing the passwords every 90 days. This makes it more difficult for anyone to guess your credentials since they are constantly changing.

For more information on ways you can strengthen your security posture, download our Best Practices To Protect Your Organization’s Sensitive Data, or contact us to discuss.
