Best Practice: Strong Password Policy

How to Create Strong and Secure Passwords

How to create strong passwords, secure passwords, stronglockPasswords provide the first line of defense against unauthorized access to your computer and online accounts. The stronger your password, the more protected these resources will be from hackers and malicious software.
Typically, people create a password based on personal whim or how easy they are to remember; while this may be easier, it puts your account security at risk.
You should make sure you have strong passwords for all accounts you create or manage.

Password Security Dos and Don'ts


  • Do use 9-14 characters in your password, at a minimum.
  • Do use an alphanumeric password.
    • A mixture of letters and numbers.
  • Do use symbols in your password.
    • Punctuation marks, mathematical symbols, ANSI characters, etc.
  • Do use a mix of both lowercase and capital letters.
  • Do use unique passwords for each account or login you have.
    • If you manage email for your domain through, this is especially important.
  • Do use a mnemonic device, or a passphrase, to help remember your password.
    • Passphrase examples are below.

Do Not:

  • Do not use personal information such as your name, birthday, address, telephone number, names of family members, maiden names, etc. Any information about you, or those associated with you, that is publicly available should be off limits.
  • Do not use information related to your user, account, or website.
  • Do not use any word in any language spelled forward or backward.
  • Do not use the same password for multiple accounts, especially if they are associated with the same resource.
    • An example is if you manage email with your web hosting.
    • Every account should have a unique, secure password.
  • Do not use things like "123456" or any combination of the word "password".
    • These are the least secure types of passwords you could possibly use and they will cause your account to become compromised.
  • Do not continue to use any default passwords that an account or system gives you to start with.
    • Change these immediately.

Suggestions for Creating Strong Passwords

Password Generators

If you're unsure of what to use for a strong password, or having difficulty coming up with one, consider using a Strong Password Generator tool. These will give you a secure password, but the passwords they create will often be harder to remember. Some examples are:


The Passphrase Method

Consider using the passphrase approach to your passwords. A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For example: 
  • I love going to concerts. Live rock music is the best!
​Take the first letter of each word in your passphrase, and include any punctuation and capitalization there may be. In this case you should end up with the following password:
  • Ilgtc.Lrmitb!

Strengthen Your Passwords to Protect Your Data

These are just a few of the ways you can strengthen the passwords on your accounts. Remember to follow these best practices, and avoid the pitfalls outlined, and you will improve the security of all your passwords.
When in doubt, ask yourself what would happen if someone gained access to any individual account you own or manage. How bad could it potentially be if that data was in the wild, or if you were locked out of a password-protected system? Apply strong password policies to all of your accounts you need to secure.

Add Feedback