By Jennifer Shaheen.

Human beings are great at lots of things, but generating strong passwords is not one of them. For some reason, whether it’s fear of forgetting or a lack of imagination, many people rely on exceptionally easy-to-guess passwords such as “12345” or “password.” This practice greatly increases the odds that a hacker will be able to gain access to your company’s networks, which can have painful financial or competitive consequences. Better passwords mean better protection. Educate and encourage your employees to follow these password practices to keep your data safe:

Make a list of forbidden passwords

Easily guessed passwords, such as ABC123, Guest, or Admin, should never be used. Tell your team they’re off limits. Additionally, avoid passwords based on the company name, an employee’s first or last name, or other language associated with your brand, such as a tagline or catchphrase.

Go the distance

Longer passwords are stronger than shorter ones. Encourage employees to create passwords that are of the maximum allowable length. Doing so greatly reduces a hacker’s odds of being able to crack them, particularly if other best practices are followed. At a minimum, passwords should be 12 to 15 characters in length.


Use special characters, numbers, and upper & lower case letters

Adding punctuation marks and numbers to your passwords makes them tougher to crack. That being said, avoid the common error of trying to outsmart the hackers by choosing “p@ssw0rd”—this technique is already quite familiar. Instead, combine special characters and numbers with uncommon password phrases for best results. Case sensitivity isn’t available on all platforms, but when it is, your team should use it.

Use multi-word phrases rather than single passwords

Password phrases are more complex than single passwords, increasing the relative security of the password. For best results, use a phrase or even a sentence that doesn’t occur in everyday conversation. This will make it harder for people to guess. For example, the sentence “My Silly Password is Long” is unusual enough, but when combined with uncommon symbols and upper and lower case letters, it becomes that much more difficult for a hacker to guess.
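
The checks described in the sections above (forbidden list, minimum length, brand and name words, look-alike substitutions such as “p@ssw0rd”, character variety) can be enforced when a password is set. The following is an added example, not part of the original article; the function names, the sample forbidden list, the substitution table and the three-class variety threshold are assumptions made for illustration.

```python
import re

# Constructed sample list; extend it with your organisation's own entries.
FORBIDDEN = {"12345", "password", "abc123", "guest", "admin"}
MIN_LENGTH = 12  # low end of the article's 12-to-15 character minimum
MIN_CLASSES = 3  # assumed threshold; the article gives no number

# Small sample of look-alike substitutions, undone before list comparison.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def normalize(text):
    """Lower-case, undo look-alike substitutions, keep only letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(candidate, org_terms=()):
    """Return the list of rules a candidate breaks (empty list = passes).

    org_terms: company name, employee names, taglines, supplied by the caller.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    norm = normalize(candidate)
    # Whole-password match only, so a long phrase that merely contains a
    # listed word is not rejected; the normalized form catches "p@ssw0rd".
    if candidate.lower() in FORBIDDEN or norm in FORBIDDEN:
        problems.append("on forbidden list")
    # Substring match catches passwords built around a brand word or a name.
    for term in org_terms:
        key = normalize(term)
        if key and key in norm:
            problems.append(f"based on '{term}'")
    # Count which of lower case, upper case, digits and symbols are present.
    if sum(bool(re.search(c, candidate)) for c in CLASSES) < MIN_CLASSES:
        problems.append("needs more character variety")
    return problems
```
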


Mandate frequent password changes

Experts recommend frequently changing passwords for small businesses and the effort needs to apply to every employee. No one is immune from being hacked. Companies that deal with highly sensitive data may want to change their passwords more frequently or use something called two-factor authentication. This protection requires two forms of identification—a personal password and a one-time password randomly generated on a mobile phone or other device.

Bank of America, N.A. engages with Touchpoint Media Inc. to provide informational materials for your discussion or review purposes only. Touchpoint Media Inc. is a registered trademark, used pursuant to license. The third parties within articles are used under license from Touchpoint Media Inc. Consult your financial, legal and accounting advisors, as neither Bank of America, its affiliates, nor their employees provide legal, accounting and tax advice.


Bank of America, N.A. Member FDIC.


©2015 Bank of America Corporation