Explore Elite Risk Management Services

Private Strategic Group

Article

Password Safety & Security Best Practices from our Experts

25 NOV 2024

/

3 min read

Authors

Saba Sattar

Intelligence Analyst III, Cyber Intel Lead

Jonathan Vincent

Cyber Intel Lead

Share

Jump to

Make long passwords
Use a Password Manager
Enable Multi-Factor Authentication (MFA)
Password Safety & Security Best Practices from our Experts

Poor password hygiene can create critical security risks. These unsafe practices make it easier for cybercriminals to crack or steal passwords using malicious software, tools, or social engineering to access employees' personal identifiable information, compromise websites and system data, and make organizations vulnerable to preventable cybersecurity breaches. Some of the most common poor practices include:

  • Using weak or predictable passwords, such as “12345” or “password” or names of family members or pets.
  • Using short passwords, or overemphasizing password complexity over length.
  • Reusing passwords across multiple accounts, even if the password is strong enough.
  • Storing passwords insecurely, such as on sticky notes, as plaintext files, or as unencrypted documents.
  • Sharing login credentials with colleagues or family members.
  • Not using password managers.

To maintain data security and protect the organization against cyberattacks, the following best practices can be put in place:

Make long passwords

Short passwords are easy for hackers to break using password-cracking software. Short passwords of six characters or less can be broken relatively easily; however, with each additional character the password becomes significantly more time-consuming, and therefore difficult, to crack. Passwords should be at least eight characters long as they are exponentially more difficult to crack than a six-character password.

Although password complexity (using upper case letters, numbers and special characters) is also desirable, according to the National Institute of Standards and Technology (NIST) it is not nearly as important as password length. A good password can be three random words or a phrase of appropriate length.

Use a Password Manager

Passwords are vulnerable when they are easy to guess or when they are made public after a data breach. Password managers mitigate both risks by generating and saving complex, random passwords unique to each of a user’s accounts. Complex passwords are difficult to guess, and if one is exposed in a data breach the damage is minimized because it is not shared among the user’s other accounts.

Password managers offer free and paid options. Standalone password managers (e.g., 1Password, LastPass, Bitwarden) are typically best due to their features and flexibility, but built-in browser or operating system password managers may also meet needs. Additional password manager features include the capability to store other sensitive information (credit card numbers, addresses, etc.) as well as options to share passwords without revealing them.

Enable Multi-Factor Authentication (MFA)

After they enter a password, MFA prompts users for another way to prove their identity, such as via mobile app notification, biometric scan, or text message (SMS) code. Even the best passwords aren’t immune to being cracked or exposed to a breach; MFA is a crucial layer of additional protection.

MFA availability varies, but many banking, shopping, social media, email, and other online services provide it. MFA can also be used to protect password managers for an additional layer of defense.

Related

Aerial view of a football stadium and its surrounding urban neighborhood
Intelligence Analysis

Canada/Mexico/US: World Cup 2026 Cyber Risks Extend Beyond Stadium Systems

May 4, 2026

Rising Geopolitical Tensions Highlight Vulnerabilities in Global Underseas Cable Networks
Intelligence Analysis

Middle East Conflict Raises Risks to Undersea Fiber Optic Cables and Digital Connectivity

May 1, 2026

African American Woman Reading Online News on Smartphone and Laptop:
Intelligence Analysis

Iran’s “Slopaganda”: Information Warfare, Global Narrative Power, and Business Risk

April 27, 2026

Airplane wing against a golden sky
Intelligence Analysis

China’s Prolonged Offshore Airspace Reservation Signals Rising Political and Operational Risks

April 10, 2026

Tags

Cybersecurity

Sharpen your 
view of risk

Subscribe to our newsletter to receive our analysts’ latest insights in your inbox every week.

Intelligence & Insights

Intelligence 
Worth Gathering

Employing a team of 200+ analysts around the world, Crisis24 is the only source you need for on-point, actionable insights on any risk-related topic.
Doctor or Nurse talking on the phone in an clinical office setting

Case Study

Critical Care Under Fire: How Crisis24 Helped Save a Child in Iraq

Read how Crisis24 delivered urgent pediatric medical assistance in Iraq, sourcing essential medication for a stranded child amid conflict, travel disruption, and security risks.

May 20, 2026

Ebola response epidemic disease in Africa, medical workers gearing up in PPE in rural African setting.

Intelligence Analysis

DRC, Uganda: Ebola Outbreak Declared a Public Health Emergency of International Concern

The Ebola outbreak in DRC and Uganda constitutes a high-risk regional event, as delayed detection complicates containment measures.

By Robyn Mazriel, Jade Smith

May 20, 2026

Hurricane viewed from space

eBook

2026 North Atlantic Hurricane Season Outlook for Businesses

The 2026 Atlantic hurricane season outlook provides forecasts, preparedness guidance, and risk mitigation strategies for businesses and travelers.

May 14, 2026

Airbus A320-232 and a Boeing 737-800 passing through at sunset at taxiway waiting to take off

Intelligence Analysis

European Jet Fuel Disruptions Raise Summer Travel Risks

Europe’s jet-fuel market remains tight, raising risks of higher fares, route changes, fuel stops, and localized flight disruptions this summer.

By Alejandra Gentil, Aviation Lead, Global Intelligence

May 14, 2026

Explore All