The secrets of a secure password

Security is not at the top of the list of concerns for corporate users, while management, especially IT management, considers it one of the most important aspects, if not the most important, of creating a secure environment for users. This starts with a simple thing: the password.

Although this should be enforced in the company password policy, it is also beneficial if users understand some of the do’s and don’ts.

The following describes some things to do and to avoid in order to create a secure password.

DO NOT Keep It Simple, Stupid (KISS)
Your password should not be Simple, Stupid. It's fairly easy to crack or even guess many of the passwords users choose (in organizations where a stringent password policy has not been defined and enforced). I would suggest a password of at least 8 characters containing numbers, lowercase and uppercase letters and special characters, and not including easily guessed dictionary words, names or phrases.

A bad example: Sunday (easy to crack, or to be seen when co-workers are near)

A decent one: #Sunday@123* (will be very difficult unless someone understands the pattern)


Your password's length and the placement of its characters and numbers should make it hard for anyone to guess, but it shouldn't be so long or confusing that you have to call IT to reset it because you couldn't remember it completely.

A bad example: *YXt43&21+hRE4Plc(123)%jn* (in theory this is a great password, but can you actually remember it?)

Your password should be easy for you, but hard for anyone else. Try a pass phrase: take an easy-sounding word or phrase and write it as a combination of numbers, special characters and lowercase and uppercase letters.

An example: *1@mc00L!0Ne* (notice that all o's are zeros, i's are ones, a is now @, and to keep it cool you separate words with characters like ! or *)
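To show what the rule above looks like when a system enforces it, here is an added checker (not from the original post) that applies the stated policy: at least 8 characters, all four character classes, and no easily guessed dictionary words. It also undoes the o/0, i/1, a/@ substitutions described above before looking for words, which is exactly what "someone who understands the pattern" would do; the word list is a small constructed stand-in, and the pass-phrase example is assumed to be 1@mc00L!0Ne without the surrounding emphasis asterisks.

```python
import re

# Constructed word list standing in for the "easily guessed dictionary words,
# names or phrases" the policy forbids; a real deployment would load a full list.
COMMON_WORDS = {"sunday", "monday", "password", "welcome", "cool", "company"}

# Reverse of the substitutions the post describes: o->0, i->1, a->@,
# with ! and * used as word separators.
UNSUBSTITUTE = str.maketrans({"0": "o", "1": "i", "@": "a", "!": " ", "*": " "})

CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def dictionary_hits(password: str, words=COMMON_WORDS) -> list[str]:
    """Return the common words found in the password, first as typed and
    then after undoing the 0/1/@ substitutions, so 'Sunday' and 'c00L'
    are both caught."""
    lowered = password.lower()
    candidates = {lowered, lowered.translate(UNSUBSTITUTE)}
    return sorted(w for w in words if any(w in c for c in candidates))


def check_password(password: str, min_length: int = 8) -> list[str]:
    """Apply the post's rule (>= 8 chars, all four character classes,
    no dictionary words) and return the list of violations; empty means OK."""
    violations = []
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")
    for name, pattern in CLASSES.items():
        if not pattern.search(password):
            violations.append(f"no {name} character")
    for word in dictionary_hits(password):
        violations.append(f"contains common word '{word}'")
    return violations


if __name__ == "__main__":
    # The post's own three examples, plus one that passes every check.
    for candidate in ("Sunday", "#Sunday@123*", "1@mc00L!0Ne", "Xq7!rTz9#vLm"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that the "decent" example and the pass phrase both clear the length and character-class checks but are still flagged once the substitutions are undone, which is the caveat the post's own parenthetical hints at.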


Your password should be "remembered", not written down. It's easy for you to look in a diary or, worse yet, in an email, but this means anyone else can just as easily do the same should you be away from your desk, have left your screen on, etc. The only exception to this rule is a password-protected application for storing passwords (sometimes called a password safe).


This is really important. If someone were to compromise your password, you limit the chance of abuse by changing your password frequently. Some companies require a password change every 30 days; others are more or less strict. But even if you are given the choice, you should still change your password at least every 30 days.


Some departments have the tendency or habit (which they deem necessary) of sharing passwords with colleagues when a user is on leave. This is a very bad practice and is most likely a breach of IT policy in most companies. Should you require the files, email or any other resources of the user on leave, a quick request to IT should sort this out without any policy breach.


I hope these pearls of wisdom are understood and adhered to the next time you need to change either your work or your personal password.

