What Makes a Strong Password? Basic Rules Everyone Should Follow

October 4, 2016

Passwords have become a common topic in the news, with breaches involving Twitter, Yahoo, and even Facebook highlighting their risks. If your password is stolen, someone with malicious intent can rob your bank account blind or create extreme havoc on your social media pages, especially if you are in the public eye. As humans, we create passwords we can remember: combinations of birthdays, loved ones' names, or even pets' names. We use them to protect our bank accounts, social media sites, mail, and even our taxes.

The problem with passwords is that we need so many of them, potentially one for every resource previously mentioned.

To simplify our lives, we re-use them, and unfortunately we re-use them everywhere. This means that if your password is compromised in one location, hackers can potentially re-use it in every other place where you have used the same password. This leads us full circle back to the malicious intent that can be acted on if only one place leaks that reused password.

Basic rules everyone should follow.

To combat this problem, we need to establish some rules of engagement for passwords and ensure their strength is sufficient. First, here are some basic rules everyone should follow:
  • Never re-use the same password between work and home
  • Never re-use the same password for financial institutions and social media
  • Never re-use the same password for an administrator account at work as your standard logon
  • Never tell anyone your password. If you need to share it, change it when the other person is done with using it.
  • Change your passwords frequently.
To that end, the passwords themselves need to be secure. A strong password has several key attributes that make it more difficult to crack with traditional techniques, including:
  • Brute force – testing a password over and over again with combinations of characters (numbers, letters, and symbols) until one matches. This is why the length and the types of characters included are so important: they increase the number of possible combinations, making it that much harder to test them all.
  • Dictionaries – testing the password against words in the dictionary, commonly used passwords like “Passw0rd”, or the default passwords manufacturers provide like “Cisco”.
  • Social engineering – testing a password based on known attributes of the user, including things like their birthday, anniversary, or even a child’s name.
And once you finally select a password, its strength needs to observe these parameters:
  • Length of the password – preferably over 12 characters
  • Complexity of the password – must contain letters (upper and lower case), numbers, and symbols and have a minimum number of each
  • Contain no repetitive characters
  • Contain no human readable words, names, dates, or other recognizable context
  • Should not be reused from a previous time and date
  • Should not contain sequences from a keyboard like ‘qwerty’ or ‘zxcvb’

Solutions for personal and business use.

With these rules in mind, it is very difficult for a person to remember passwords that have no rhyme or reason behind them, especially across all the passwords they need to create to meet every single one of these rules. Personal password managers help with this by creating random passwords that are nearly non-human readable and secured by the only password the user needs to remember: something obscure and used only for the password manager itself.

For individuals, using a secure personal password manager to remember your passwords and create new randomized ones helps solve this problem. No two passwords are alike, they are securely locked up in the cloud, and all you need to remember is your primary keychain password to access them.

For businesses, the use of an enterprise password management solution for password tracking, release, randomization, and workflow solves this problem as well. Policies control all the parameters above, and the passwords are always randomized and changed like clockwork. Take my advice, folks, and don’t be the next victim.
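The strength parameters listed above, and the randomized passwords a password manager creates, can both be expressed in code. The Python below is an added example, not BeyondTrust code or any product's policy engine; the minimum counts, the symbol set, the four-character keyboard-run threshold, the reading of "repetitive characters" as adjacent repeats, and the tiny word list are all assumptions.

```python
import math
import secrets
import string

# Assumed thresholds: the article says "over 12 characters" and gives no other numbers.
MIN_LENGTH, MIN_PER_CLASS = 13, 1
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set
}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed sample list; a real check would load a large common-password corpus.
WORDLIST = {"password", "passw0rd", "cisco", "welcome", "letmein"}

def violations(password, previous=()):
    """Return the article's strength rules that `password` breaks, in a fixed order."""
    found, lowered = [], password.lower()
    if len(password) < MIN_LENGTH:
        found.append("length")
    for name, chars in CLASSES.items():
        if sum(c in chars for c in password) < MIN_PER_CLASS:
            found.append("missing " + name)
    # "Repetitive characters" is interpreted here as the same character twice in a row.
    if any(a == b for a, b in zip(lowered, lowered[1:])):
        found.append("repeated character")
    if any(word in lowered for word in WORDLIST):
        found.append("dictionary word")
    runs = [row[i:i + 4] for row in KEYBOARD_ROWS for i in range(len(row) - 3)]
    if any(run in lowered or run[::-1] in lowered for run in runs):
        found.append("keyboard sequence")
    if password in previous:
        found.append("reused")
    return found

def generate(length=20):
    """Draw passwords from the OS CSPRNG until one satisfies every rule."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate):
            return candidate

def keyspace_bits(length):
    """Upper bound on brute-force work in bits: length * log2(alphabet size)."""
    return length * math.log2(len("".join(CLASSES.values())))
```

The social-engineering rule (birthdays, family names) cannot be checked without knowing the user, so it is left out here; extending `WORDLIST` with per-user attributes is one way to approximate it.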

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
