Cybersecurity Awareness Month: Passwords
- David Sutherin
- 4 hours ago
This week, we’re celebrating Cybersecurity Awareness Month by talking about your first line of cyber defense: passwords! Learn what makes a good password, why reusing passwords is a bad idea, and how a password manager can help you keep track of them all.

The Importance of Passwords for Security
For as long as humans have been keeping information from falling into the wrong hands, we’ve used secret codes to indicate who should have access to it. Passwords, passphrases, and PINs are the codes we use to protect our information in digital systems—from our bank account information to national security data. Protecting your information with a weak password is like hiding your house key under the welcome mat—it’s easy for someone to find and use, even if they aren’t someone you want in your home. Therefore, it’s crucial to understand what it means to have good passwords.
What Makes a Strong Password?
Strong passwords are those that are (a) hard to guess and (b) hard to crack. The first is why cybersecurity professionals have been saying for years that you shouldn’t use your children’s or pets’ names as your password—anyone with a limited amount of information about you is likely to know those names and can guess they might be your password. In general, strong passwords avoid easily gathered information, such as family members’ names, your favorite sports team, or your honeymoon location.
Say No to Crack
Making passwords that are hard to crack is a different challenge. Hackers often use a technique called brute forcing, which involves guessing every possible combination of characters because, eventually, one of them will be correct. This is also why it’s recommended to “lock out” accounts after a number of repeated failed login attempts. Computer programs which use brute force techniques can make hundreds of guesses per second, so locking an account for 15 minutes after 10 failed attempts drastically increases the amount of time it would take a hacker to crack your password.
But how do you create a password that is hard to crack? In this context, a strong password is one that is both long and complex. Password complexity refers to including a variety of character types. The more types of characters you use, the larger the character space—which is the set of possible characters a hacker has to include in their guesses.
The other part of password strength in relation to brute forcing is length. Longer passwords are harder to guess because they require a brute force attack to guess every combination of the available characters for each possible password length—your password’s length exponentially increases how hard it is to crack. For example, a 3-character password using the 94 characters on a standard keyboard would require at most 830,584 guesses (94^3) but a 5-character password would take over 7 billion guesses (94^5).
This is also why passphrases—collections of words with a few special characters thrown in—have gained popularity. The password a=3Ij_.Bs7A~%Q-ia0!+p3xzBe and the passphrase Smartypants-Clicker2.Envy? are both 26 characters long, but one of them is much easier to remember!
Tools like How Secure Is My Password? from Security.org can provide an estimate of how long it would take a computer to crack your password. As a general rule, if it would take a computer longer to crack your password than the amount of time the universe has existed (roughly 14 billion years), we call that a strong password!
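The arithmetic in this section, worked as an added example that is not part of the original article: it computes worst-case guess counts over the 94-character keyboard set and compares brute-force time with and without the 10-failure, 15-minute lockout. The rate of 500 guesses per second and all function names are assumptions chosen for illustration.

```python
import string

# 26 lowercase + 26 uppercase + 10 digits + 32 symbols = the article's 94 keyboard characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600
UNIVERSE_AGE_YEARS = 14e9       # the article's yardstick for a "strong" password
GUESSES_PER_SECOND = 500        # assumption: one value for "hundreds of guesses per second"


def character_space(password):
    """Size of the character set an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def worst_case_guesses(space, length):
    """Upper bound on guesses for one length, e.g. 94**3 for a 3-character password."""
    return space ** length


def years_to_exhaust(guesses, rate=GUESSES_PER_SECOND, lock_after=None, lock_seconds=0):
    """Worst-case years to try every candidate, optionally with account lockout."""
    seconds = guesses / rate
    if lock_after:
        # One lockout after every `lock_after` failures that precede the final guess.
        seconds += ((guesses - 1) // lock_after) * lock_seconds
    return seconds / SECONDS_PER_YEAR


def report(length, space=94):
    """Return (guesses, years without lockout, years with 10-failure/15-minute lockout)."""
    guesses = worst_case_guesses(space, length)
    free = years_to_exhaust(guesses)
    locked = years_to_exhaust(guesses, lock_after=10, lock_seconds=15 * 60)
    return guesses, free, locked


if __name__ == "__main__":
    # The two 26-character strings from the article draw on the same 94 characters.
    for pw in ("a=3Ij_.Bs7A~%Q-ia0!+p3xzBe", "Smartypants-Clicker2.Envy?"):
        print(f"{len(pw)} characters, character space {character_space(pw)}")
    for length in (3, 5, 8, 26):
        guesses, free, locked = report(length)
        verdict = "strong" if free > UNIVERSE_AGE_YEARS else "not strong"
        print(f"{length:>2} chars  {guesses:.3e} guesses  no lockout {free:.3e} y  "
              f"lockout {locked:.3e} y  {verdict} without lockout")
```

The lockout column applies only to guesses made against the live login service, and the estimate models exhaustive guessing only.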
Is Reusing Passwords Really a Big Deal?
Everyone has heard the warning at some point: “Don’t reuse your passwords!!” But why is this advice repeated ad nauseam? What makes password reuse such a bad idea?
Think of it this way: if you use the same password for your Facebook account and your bank’s website, that means an attacker who figures out your password for Facebook can suddenly access your bank account. Let’s say it’s also the same as your Amazon account and you have your payment information saved—that means the hacker gets to go on a shopping spree with your money!
Whether your password was guessed, cracked, leaked by a third party, or acquired by phishing you into submitting it to a fake login page, the first thing hackers will do is try to use it on every website they can think of—whether they know you have an account or not. They’ll try blindly and, if your password is the same across the internet, they’ll eventually succeed.
That’s why it’s so crucial to use unique passwords for every website and account. If your password is the same everywhere, then a breach of one account can quickly become a breach of all your accounts. With different passwords, you’re able to minimize the damage of a single account compromise.
How Password Managers Can Help
Password managers are utilities that can securely generate, save, and fill passwords for you. Ideally, they also utilize a zero-knowledge model, meaning they only store your passwords in an encrypted format and can only decrypt them with your “master password.” That way, even if the password manager itself gets hacked, it still doesn’t give attackers the keys to your digital kingdom—the platform has zero knowledge of your unencrypted passwords. This is also one of the aspects that makes them better than your browser’s built-in password-saving functionality.
By securing your password manager with an extra strong password/passphrase (say, 25+ characters), you now only have to remember your one super strong password! Most modern password managers also have mobile apps and browser plug-ins that provide a seamless experience across all your devices.
Some of the most well-known examples are 1Password, Bitwarden, Dashlane, Keeper, and LastPass. They all have different features and feels, so find whichever works best for you!
What Happens If My Password Is Stolen?
One of the biggest challenges with passwords is keeping them secret. If your Prohibition-era speakeasy requires a special password before permitting entry and one of the G-men finds out what it is, your moonshine is going down the drain!
Between passwords being guessed, cracked, leaked to the dark web, or stolen through social engineering, the possibility of someone eventually getting ahold of a working password can’t be ignored. That’s why multi-factor authentication (MFA) is important: it adds an extra layer of defense between attackers and your information!
We’ll be back next week with information on how MFA reinforces strong passwords in establishing digital security—and why you should enable it every chance you get! Until then, stay cybersecure out there!