Mickler & Associates, Inc.


Freaky Friday — Don’t Create Sucky Passwords

Passwords are the digital keys to your business, and making them strong is one of the simplest ways to protect your data from cyber threats. But what exactly makes a "good" password?

The Common Wisdom

A good password is at least 12 characters long and a mix of uppercase letters, lowercase letters, numbers, and symbols.

One should avoid using easily guessable words like your company name, "password123," or anything that could be found in a dictionary.

Instead, use passphrases: a random combination of words that don't relate to one another. For example, "RainyCows!Jump98" is much harder to guess than "Company2023."

Then, what if you used substitution ciphers like R@1nyC0w$!Jump98? That makes things a little better and still keeps the mnemonic.

But they all still suck. They suck hard, and suck bad.

My Advice

A great password is completely incomprehensible gibberish between 25 and 50 characters. This is a great password.

b^RYHKWO@yS4WLfxzUBLV1BJozhldrLm

All your passwords should look something like this password.

Okay, so why?

  1. Even combined in phrases, words that can be matched against a dictionary are vulnerable to a computer looking them up. Take [Rainy]. It is a dictionary term, so a standard microcomputer can pattern-match it in seconds; the same goes for [Cows] and [Jump]. So, if the only entropic (variable) expressions are ! and 98, the computer needs to spend maybe another 20-30 minutes brute-forcing those last three characters.

  2. Substitution ciphers are factored into the hack. Programmers are smart enough to convert the text string C0w$ to Cows. They’re not idiots.

  3. Complete gibberish must be brute-forced on every character. That process could take a standard microcomputer 500 years to figure out, and that time is the deterrent. 30 minutes with R@1nyC0w$!Jump98 vs. 500 years. Who do you think the hacker is going to attack next?
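To make the three points above concrete, here is a small Python model of how a cracker scores a password. This is an added example, not code from the original post: it undoes common leet substitutions before looking words up (point 2), charges each dictionary word as a single lookup rather than a per-character search (point 1), and falls back to per-character brute force over printable ASCII only when no dictionary word is found (point 3). The dictionary size, symbol count and the tiny stand-in word list are constructed assumptions, and the output is in bits of guessing effort rather than the post's minutes-versus-years figures.

```python
import math
import re

# Constructed modelling assumptions (not from the post): the size of a cracking
# dictionary, the number of symbols an attacker tries in "symbol" positions,
# and the 94 printable ASCII characters a full brute force must cover.
DICTIONARY_SIZE = 100_000
SYMBOL_CHOICES = 32
PRINTABLE_ASCII = 94
LETTERS = 52
DIGITS = 10

# Tiny stand-in for a real cracking dictionary (constructed for the example).
DICTIONARY = {"rainy", "cows", "jump", "company", "password"}

# Leetspeak substitutions a cracker's rule set undoes before the lookup.
LEET_MAP = str.maketrans("@013$5", "aoiess")

# Split into capitalised/lower words, ALL-CAPS runs, digit runs and symbol runs.
TOKEN_RE = re.compile(r"[A-Z]?[a-z]+|[A-Z]+|\d+|[^A-Za-z\d]+")


def normalize_leet(password: str) -> str:
    """Undo common substitutions, as point 2 says crackers routinely do."""
    return password.translate(LEET_MAP)


def guess_bits(password: str) -> float:
    """Rough log2 of the guesses an attacker needs under this model.

    Dictionary words cost one lookup each (plus one bit for capitalisation),
    digits and symbols cost per character from their small sets, and
    unrecognised letter runs cost per character from the alphabet. If no
    dictionary word is found at all, the attacker has no structure to
    exploit and must brute-force every position over printable ASCII.
    """
    tokens = TOKEN_RE.findall(normalize_leet(password))
    if not any(t.lower() in DICTIONARY for t in tokens):
        return len(password) * math.log2(PRINTABLE_ASCII)

    bits = 0.0
    for tok in tokens:
        if tok.lower() in DICTIONARY:
            bits += math.log2(DICTIONARY_SIZE) + 1
        elif tok.isdigit():
            bits += len(tok) * math.log2(DIGITS)
        elif tok.isalpha():
            bits += len(tok) * math.log2(LETTERS)
        else:
            bits += len(tok) * math.log2(SYMBOL_CHOICES)
    return bits


def relative_effort(strong: str, weak: str) -> float:
    """How many times more guesses `strong` costs than `weak`."""
    return 2 ** (guess_bits(strong) - guess_bits(weak))


if __name__ == "__main__":
    samples = [
        "Company2023",
        "RainyCows!Jump98",
        "R@1nyC0w$!Jump98",                   # substitutions: same score as above
        "b^RYHKWO@yS4WLfxzUBLV1BJozhldrLm",   # the post's gibberish example
    ]
    for pw in samples:
        print(f"{pw:36} {guess_bits(pw):6.1f} bits")
    print("gibberish vs. leet passphrase: 2^%.0f times harder"
          % math.log2(relative_effort(samples[3], samples[2])))
```

The leet-substituted passphrase scores exactly the same as the plain one, because the normalisation step runs before the dictionary lookup; the 32-character gibberish scores over 200 bits against roughly 64 for the passphrase, which is the gap the post is describing.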

But I Can’t Remember That!

Right. You’re not supposed to, so don’t even try.

Using a password manager like 1Password or this cool little extension for Chrome can make this process even easier. Password managers can generate and store complex passwords for all your accounts, ensuring you don’t have to remember them. They can even notify you if any passwords are weak or have been compromised.
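For readers who want to see what a generator like the one inside a password manager does, here is an added Python example (not code from 1Password or any other product). It draws 25 to 50 characters from a cryptographically secure source, `secrets`, rather than the `random` module, whose output is not suitable for secrets, and rejects candidates missing a character class. The alphabet and the class-coverage rule are constructed choices for this example.

```python
import secrets
import string

# Constructed alphabet for the example: letters, digits and ASCII punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def has_all_classes(password: str) -> bool:
    """True if every character class appears at least once."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = 32) -> str:
    """Return `length` characters drawn with the CSPRNG behind `secrets`.

    The post's 25-50 character range is enforced. `random` is deliberately
    not used: it is a statistical generator, not a cryptographic one.
    """
    if not 25 <= length <= 50:
        raise ValueError("use between 25 and 50 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard candidates missing a class, which keeps
        # the accepted passwords uniformly distributed over the remaining set.
        if has_all_classes(candidate):
            return candidate


if __name__ == "__main__":
    for n in (25, 32, 50):
        print(generate_password(n))
```

Each run prints three fresh gibberish strings of the kind the post recommends; none is meant to be remembered, only stored in the manager.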

But A Password Manager Sounds Risky

Centralizing your passwords in one place? Sure, it can be thought of as storing all one’s eggs in one basket, but what’s more risky? Using the jumping cows on a rainy day, or gobbledegook? The path of least risk is gobbledegook.

Never, Ever Reuse Passwords

We were just talking about suckers …

Suckers are people who use the same password over and over. Once a hacker or a bot knows one, they know them all. Who in their right mind would install the same lock on all of their homes, vehicles, gym lockers, bike bolts … you get the picture. Reusing passwords is a path to ruin.

2FA

Don't forget two-factor authentication (2FA), either! It adds an extra layer of security by requiring a second form of verification—like a text or email code—when logging in. This ensures that even if someone steals your password, they’ll still need more information to access your systems.

Gosh — All of This Sounds Inconvenient

Damn Skippy. Anything that’s convenient and easy to remember is, inherently, insecure. What am I always telling you? Convenience is the enemy of security. This is inherently inconvenient:

ASEDEmR3luvnRK-8IGcgE3LLbdntE0h7knB#5ylknfi5aU5g7xVI

Thus, it’s incredibly secure. Much more secure than jumping cows.

At the end of the day, strong passwords are one of the cheapest and most effective forms of cybersecurity for your small business. Protecting your business starts with something as simple as updating your passwords—so don’t wait!

Need help? I’m just a click away.

R