The dos and don’ts of password management

Daniel Dallmann

Manager, Information Security | Payworks

Daniel has over a decade of experience in security product and service analysis, design and development and is dedicated to continuously evolving Payworks’ security solutions to reflect ever-changing technologies in tandem with industry trends.
Manager, Information Security | Payworks

With more than 10 years of experience in the analysis, design and development of security products and services, Daniel is dedicated to optimizing Payworks’ security solutions in step with evolving technologies and industry trends.

We all (attempt to) know and love them. All 50+ of them.

No matter where we are, we use passwords for practically every digital activity we embark upon throughout the day. It’s critical that we do our best to protect our passwords from falling into the wrong hands or being cracked by an ill-intentioned third party.

So next time you’re setting up a new account or changing an existing password (set a recurring reminder in your calendar – experts widely recommend changing them every 90 days!), here are some dos and don’ts to keep in mind when it comes to password management.


Don’t:

Share your password

  • Not with colleagues, not with friends, not even with your grandma! Even if the person would never intentionally misuse your password, it can be compromised if they’re not vigilant about password protection. Your accounts are a part of your digital identity, and any actions associated with your accounts are linked directly to you and live online forever.

Reuse the same password for every account

  • If your password is the same for every account – and especially if that same password is used alongside the same email address/username – all it takes is for one of those accounts to be compromised, and a hacker could potentially gain access to the rest of your accounts. Don’t make it so easy for the bad guys! Use different passwords for different accounts.

Write your password down

  • Afraid you’re not going to remember 50+ passwords? You’re not alone! While the best place to store your passwords is in your brain, if you absolutely need to physically store your passwords somewhere, it’s best to use a password manager that generates complex and unique passwords for each of your accounts and stores them on your behalf. Some popular password managers include KeePass Password Safe, LastPass and 1Password. If you choose a cloud-based password manager, it’s best practice to use multi-factor authentication (read on to learn more).


Do:

Use multi-factor authentication

  • Multi-factor authentication verifies your identity using more than one method, such as a fingerprint and password combination. For example, when logging into your email account with your username and password, you may also need to enter a code that you receive via text message to the phone number associated with your account. It’s best practice to use multi-factor authentication whenever possible, particularly when handling sensitive financial information.

Use long passwords with multiple character types (use a pass phrase!)

  • !@#$%A1aB2bC3c – the sky really is the limit when it comes to adding variations to your password. Use a combination of uppercase and lowercase letters, numbers, and special characters. Like we’ve said, don’t make it easy for the bad guys. Best practice is to use a password system. Create a pass phrase, take the first letter of each word, and then substitute in numbers or add special characters to increase the complexity. For instance, if your pass phrase was “Last year Alex and I went to Disneyland for the first time,” that could translate into LyAaIw2Dftft#19. That looks like a doozy of a password at first glance, but when it’s built on a simple phrase, it’s easy to remember.

Opt to use distinctive authentication methods

  • Technology is forever evolving, and passwords are no longer the only way to log in. Nowadays you can use biometric verification, which scans your fingerprint (Touch ID) or leverages facial recognition to verify your identity. These methods create a unique profile for the user, which is almost (although not completely) impossible to replicate. Ideally, biometric verification could be integrated as one step in a multi-factor authentication process.

Ensure you’re on a secure connection

  • Using an unsecured Wi-Fi connection opens the door to hackers. If you work remotely, best practice is to use a secure VPN connection to access the corporate network, which adds an additional layer of authentication and creates a secure communication tunnel between your device and the network you’re connecting to.

Top 10 passwords to avoid

Some of the most popular passwords are the ones that are easiest to crack. If you use any of the following 10 passwords, we strongly recommend switching things up ASAP!

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
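As an added example (not code from the original post), the script below condenses a pass phrase the way the post describes and then checks a candidate against the post’s top-10 list and its character-type rule. The substitution “to” → “2” and the “#19” suffix are taken from the post’s worked example; the 12-character minimum length is an assumption, since the post only says “long”.

```python
import re

# The ten passwords the post lists as the most common and easiest to crack.
AVOID_LIST = {
    "123456", "password", "12345678", "qwerty", "12345",
    "123456789", "football", "1234", "1234567", "baseball",
}

# Words swapped for a digit when the phrase is condensed. Only "to" -> "2"
# is taken from the post's example; callers may pass their own mapping.
DEFAULT_SUBSTITUTIONS = {"to": "2"}


def passphrase_to_password(phrase, substitutions=None, suffix="#19"):
    """Condense a pass phrase as the post describes: keep the first letter of
    each word (case preserved), swap mapped words for a digit, then append a
    suffix of special characters and numbers."""
    subs = DEFAULT_SUBSTITUTIONS if substitutions is None else substitutions
    parts = []
    for word in re.findall(r"[A-Za-z']+", phrase):
        parts.append(subs.get(word.lower(), word[0]))
    return "".join(parts) + suffix


def password_problems(password, min_length=12):
    """Return the rules a candidate password breaks (empty list means OK).
    The 12-character minimum is an assumption; the post only says 'long'."""
    problems = []
    if password.lower() in AVOID_LIST:
        problems.append("on the top-10 list of passwords to avoid")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems


if __name__ == "__main__":
    phrase = "Last year Alex and I went to Disneyland for the first time"
    derived = passphrase_to_password(phrase)
    print(derived, password_problems(derived))      # LyAaIw2Dftft#19 []
    for weak in ("password", "qwerty", "123456"):
        print(weak, password_problems(weak))
```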

To help keep you and your crew informed and empowered in the fast-changing information security landscape, we’ve tapped our in-house experts for the most effective best practices you can leverage right now. Download a free copy of our Security Best Practices E-Book:
