According to a 2020 NordPass survey, the average person has 100 passwords. Trying to remember 100 or more passwords is nearly impossible, which is why many people fall into the bad habit of reusing passwords or choosing simple passwords that are easy to remember. Unfortunately, “easy to remember” also means “easy to hack.”

Hacking is a huge problem, especially for small business owners whose passwords protect sensitive, high-value data. This guide helps you secure your business and personal accounts by explaining:

Why Are Strong Passwords Important?

A data breach costs an average of $2.98 million for small businesses. Such a significant, unexpected expense can wreck your finances and shutter your business for good.

Cybercriminals are increasingly targeting small businesses. Smaller businesses store the same type of sensitive information that enterprise-level companies do, but they often don’t have effective digital security measures in place to protect it.

Your digital security starts with a strong password. Cracking login credentials is the easiest way for hackers to access your company’s data. A hacker can do severe damage to your business if they gain access to your network, cloud storage, online banking, or any other password-protected software or account.

One of the most popular passwords of all time is “123456.” It takes milliseconds to crack a password that simple, so you can see why attacking passwords is a cybercriminal’s go-to move. Once they have your password, they have unlimited access to your account (or accounts, if you reuse passwords).

How Do You Create A Strong Password?

You can follow several best practices to create passwords that are difficult, if not impossible, to break using brute force attacks.

  1. The longer the password, the better. Aim for a minimum length of 12 characters.
  2. Always include a mix of numbers, uppercase letters, lowercase letters, and symbols. Your password should never use just one of these. For example, 988457543344 and @!*$$&[email protected]*$!!! are weak passwords despite being 12 or more characters in length.
  3. Use made-up words to foil “dictionary” attacks that systematically go through every word in the dictionary. Using nonsense words rather than random letters, numbers, and symbols also helps you remember your password more easily.
  4. Use phrases rather than single words. [email protected]$!$ is not a very strong password, but MonkeyYellowBiscuit!$ is.
  5. You can also use a password generator to create unique, complex passwords automatically.
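
As an added example (not code from this guide or from any password manager), the Python below checks a password against rules 1 and 2 above, flags personal terms of the kind the guide warns about, and generates a compliant password from the operating system's secure random source. The symbol set, the function names and the sample personal term are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"   # assumed symbol set; adjust to what the site accepts
NAMES = ("lowercase", "uppercase", "digit", "symbol")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12             # minimum length from rule 1


def missing_classes(password):
    """Return the names of the character classes (rule 2) absent from password."""
    return [n for n, chars in zip(NAMES, CLASSES) if not any(c in chars for c in password)]


def check(password, personal_terms=()):
    """List the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"no {name}" for name in missing_classes(password)]
    lowered = password.lower()
    problems += [f"contains personal term {t!r}" for t in personal_terms
                 if t and t.lower() in lowered]
    return problems


def generate(length=16):
    """Draw a password from the OS CSPRNG, retrying until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy (bits) of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(check("988457543344"))          # digits only, from rule 2
    print(check("94FLooptyGoGGins!"))     # example from this guide
    print(check("Rex2015!Rex2015!", personal_terms=["rex"]))  # constructed sample
    pw = generate()
    print(pw, check(pw), round(entropy_bits(len(pw)), 1))
```

The generator uses `secrets` rather than `random` because `random` is not designed for security-sensitive values.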

Strong Password Examples

What does a strong password look like? Here are two examples of secure passwords and how long it would take a computer to crack them:

  1. xH!tU9pF6mU (four months)
  2. 94FLooptyGoGGins! (several centuries)
  3. [email protected] (several centuries)

You can test your password’s strength with NordPass’s free tool.

What Are Common Password Mistakes?

In addition to following the best practices we listed above, it’s important to avoid these common password mistakes:

  • You are reusing passwords. Every account needs to have a unique password. If hackers get your password from a data breach, they will try it on every account you have. By using a unique password for each account, you can limit the damage a hacker can do with your exposed credentials.
  • You never change passwords. Make it a habit to update your passwords regularly for accounts containing sensitive information such as your cloud storage or online banking.
  • You include personal information. Never include personal information in your passwords, such as your birthday, pet’s name, or favorite sports team. This information is easy to find online, making it simple for a hacker to crack your password.
  • You write down passwords. Many people write down their passwords and keep them on their desks, in a notebook, or taped to their computers for easy reference. Writing them down puts your passwords at risk. You could lose your notebook, or a hacker could coerce an employee into copying your passwords.

Should You Use a Password Manager?

Difficulty remembering long, complex combinations is the most common reason people default to simple passwords. No one wants to wrack their brain every time they log into an account or use the dreaded “forgot password?” button. It’s just not practical.

Thankfully, you don’t have to choose between convenience and digital security. You can follow all the best practices for strong passwords and securely store them in a password manager for easy retrieval.

A password manager is a software app that stores your passwords in an encrypted database to protect them. You access your passwords by logging into the manager using a master password. (That’s right — you only have to remember one password.) Many password managers will autofill your saved passwords, so you only need to log in if you want to make changes. Considering how many accounts you likely use in a given day, that’s a huge time saver.

Are Password Managers Secure?

Companies that provide password manager apps understand the importance of the data they’re storing and take digital security seriously. Cybersecurity protocols vary slightly across providers, but most managers use 256-bit encryption.

This encryption is military-grade. It would take a computer more than a million years to break it through brute force. In other words, password managers are one of the safest and easiest ways to store your passwords.

However, as with any digital technology, there are possible vulnerabilities.

Drawbacks of Using a Password Manager:

  • If you fall victim to a phishing attack that compromises your device with malware, a hacker may be able to record your keystrokes when you enter your master password. Your master password gives them access to all of your passwords.
  • If you forget your master password and your manager app doesn’t offer a reset button, you won’t be able to retrieve your stored passwords.
  • Not all password managers are created equal. It’s critical to evaluate the software’s security features before using it to ensure they’re robust enough to meet your needs.

Despite these potential issues, cybersecurity experts still recommend password managers as a way of keeping your data secure. If a password manager sounds like a great fit for your company’s digital security needs, you can read our in-depth reviews of the best password managers for 2023.

We can’t overstate the importance of creating strong passwords to protect your small business. Cybercriminals are increasingly targeting smaller companies, and weak passwords are one of the most common ways they compromise your accounts. Take time to update your passwords following the recommendations in this article, and be sure to educate your employees on the importance of secure passwords.