Cybersecurity has become ever more critical. Not only are we relying on mobile devices for access to key data points – like our bank accounts – but more of us are working from home or with remote teams than ever. How do you keep your digital details safe, without making life exponentially more difficult? Today we have some top tips, tricks, and strategies to help you through the best password practices currently available.

How Do Passwords Get Stolen?

Before we look at improving password security, let’s look at how hackers gain access to our passwords in the first place.

As a child, your head was probably filled with warnings that writing down your password was the surest way to get hacked. There is some truth in it – pinning “John’s Banking Password” onto your PC screen via Post-it note is still not the smartest way to act.

However, no cybercriminal is harvesting your sensitive data through a note on your desk. Instead, this would be a risk factor for vindictive behavior from hostile people in your circle – think a mean coworker or a spiteful ex. This antiquated approach to password security misses all the common ways you will actually face a cyber-intrusion.

Phishing

Phishing is social engineering trickery that is surprisingly fruitful for hackers. They simply ask for your password details, masquerading as a legitimate vendor, site, or another authoritative party. While most of us have wised up to the Nigerian Prince who just needs your account details to release his millions, modern phishing scams are surprisingly sophisticated and need constant vigilance to avoid. We outline some solutions in the next section.

Social Media Overshare

Tied closely to phishing attempts, many of us have simply gotten too free with what we share openly, and many “innocent” online games or “challenges” exploit this. While most of us are savvy enough not to directly type our passwords or Social Security/Identity numbers into a Facebook post, we give away critical data often used as secondary account questions without ever thinking about who can see it or why the “game” is being run.

Credential Stuffing

Credential stuffing occurs when hackers take stolen databases and lists from data breaches and try those credentials against other accounts. Often, we can do little about the information theft itself, as it stems from large-scale data breaches against organizations. But we can use smart password management to minimize the personal damage.

Brute Force

Brute Force attacks are unsophisticated, but still net hackers results. They use automation to run massive trial-and-error approaches against accounts to guess login information and encryption keys.

Keylogging

Keylogging involves tiny pieces of malicious software discreetly installed on your PC. These record your keystrokes and are surprisingly effective at harvesting passwords for online banking and other secure logins.

Bad Passwords

Many of us are guilty of using very common passwords. This enables hackers to “password spray”, or throw common passwords against your account name and hope for a match.
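The credential stuffing, brute force, and password spraying patterns above leave a recognizable footprint in authentication logs. This added example (not from the original article) flags the two automated guessing shapes from constructed log lines: many failures against one account from one source, versus one failure each against many accounts from one source. The log format, the five-minute window, and the threshold of five failures are assumptions.

```python
"""Added example (not from the original article): flag the two automated
guessing patterns the article describes from constructed auth log lines.
Many failures against one account from one source = brute force; a few
failures spread over many accounts from one source = password spraying.
Log format, time window and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <account> <result>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.5 alice FAIL
2024-03-01T09:00:02 203.0.113.5 alice FAIL
2024-03-01T09:00:03 203.0.113.5 alice FAIL
2024-03-01T09:00:04 203.0.113.5 alice FAIL
2024-03-01T09:00:05 203.0.113.5 alice FAIL
2024-03-01T09:10:00 198.51.100.7 alice FAIL
2024-03-01T09:10:01 198.51.100.7 bob FAIL
2024-03-01T09:10:02 198.51.100.7 carol FAIL
2024-03-01T09:10:03 198.51.100.7 dave FAIL
2024-03-01T09:10:04 198.51.100.7 erin FAIL
2024-03-01T09:10:05 198.51.100.7 frank OK
2024-03-01T09:30:00 192.0.2.9 alice FAIL
"""

def parse_log(text):
    """Yield (timestamp, ip, account, result) tuples from the log text."""
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result

def classify_sources(text, window=timedelta(minutes=5), min_fails=5):
    """Return {source_ip: "brute_force" | "password_spray"} for sources
    with at least min_fails failed logins inside any sliding window."""
    fails = defaultdict(list)
    for ts, ip, account, result in parse_log(text):
        if result == "FAIL":
            fails[ip].append((ts, account))
    verdicts = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [acct for ts, acct in events[i:] if ts - start <= window]
            if len(in_window) < min_fails:
                continue
            # Same account hammered repeatedly vs. one try per account.
            verdicts[ip] = "brute_force" if len(set(in_window)) == 1 else "password_spray"
            break
    return verdicts
```

The single failure from 192.0.2.9 is an ordinary typo and stays unflagged; note that the spraying source also logged one success, which is the event a defender would chase next.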

Local Discovery

The only modern password theft strategy tied to the old story about writing them down, local discovery happens when malicious software on your machine detects plain text files on your PC where you’ve recorded the details.

Extortion

With the rise of ransomware, hackers have become more and more able to simply demand your credentials, threatening blackmail or data loss if you don’t comply.

Keeping Your Password Private

Now you know more about how hackers are accessing your passwords, what can you do to keep your precious data safe?

The Power of Robust Passwords and Passphrases

Firstly, it truly is critical to make passwords that are difficult to crack. This goes beyond simply avoiding common passwords, however. 

Long passwords – think 8 to 14 characters – with a mix of upper- and lowercase letters, numbers, and special characters are harder to break with AI and brute force attacks.

Random strings really are your best bet, as things like birthdays, place of birth, pets, family members, and so on can easily be gleaned from social media oversharing. Random password generators can be your friend here, helping you create a truly random string to use, but the result can be difficult to memorize.

This is why modern password trends favor “passphrases”. These are, quite literally, short sentences, mixed up with the other key features (cases, numbers, and special characters), but easier to remember. Think something like:

Suz@nL!kes3Cupc@kes4Bre@kfast

Your brain retains the core sentence – Susan likes three cupcakes for breakfast – easily, yet it’s a robust and strong password that won’t be easily guessable. Needless to say, you shouldn’t use your own name or familial details in your passphrase!
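The rules above (length, mixed case, digits, special characters, nothing common, no personal details) can be turned into a simple check. This added example (not from the original article) does so, including a small constructed common-password list and a list of personal details that oversharing could expose; it also undoes the usual letter-for-symbol swaps so “B0st0n” is still caught as a home town. The threshold of 8 characters and both lists are assumptions.

```python
"""Added example (not from the original article): check a candidate
password or passphrase against the rules the article recommends, including
a small constructed common-password list and a list of personal details
an attacker could glean from social media. All thresholds are assumptions."""
import string

COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
# Constructed details about a hypothetical user that oversharing could expose.
PERSONAL_DETAILS = {"rex", "1987", "boston"}
# Undo the usual letter-for-symbol swaps so "B0st0n" still matches "boston".
UNLEET = str.maketrans("@$!10", "asilo")

def check_password(pw, min_len=8, personal=PERSONAL_DETAILS):
    """Return the list of rules the password fails; empty means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    lowered = pw.lower()
    normalized = lowered.translate(UNLEET)
    # Check both the raw and the de-leeted form so digit details like a
    # birth year are not hidden by the 1->l / 0->o normalization.
    for detail in sorted(personal):
        d = detail.lower()
        if d in lowered or d in normalized:
            problems.append(f"contains personal detail '{detail}'")
    return problems
```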

Avoiding Repetition

Using the same password across logins is easier on the brain, but bad practice. If a hacker gets the password once, they now have access to everything! Even a small change in password choice offers better protection. At least make sure critical areas like your banking, investment, and work server are not tied to the same throwaway password you used once on a shopping site.

Updating Regularly

For companies, running “password audits” that check both compliance with robust standards and that passwords are changed regularly is a smart strategy. It’s a good idea to change critical passwords at least annually as an individual, too. This helps invalidate data gained in data breaches and makes you less vulnerable as a target.

Combating Phishing

Phishing yields frighteningly good results for hackers, especially as attempts get more sophisticated. No matter how legitimate an email looks, never enter password data into a form because an email told you to. Few legitimate institutions will ever ask this of you, so be vigilant and use common sense. Check carefully both the website you’re directed to and the address the email was sent from. If you still feel it’s legitimate, contact the institution directly through its call center or online help instead and confirm the request is genuine.

Data Breaches and Two-Factor Authentication

There’s little you can do about mass attacks against institutions like credit bureaus leaking your data. All you can do on your side is stay aware of breaches, and change the affected password immediately if you are warned of one. Freezing your credit, and setting up two-factor authentication on important accounts, can help limit intrusive access from these leaks.

Two-factor authentication introduces a second confirmation source before an account can be accessed, often a PIN sent to your phone or email. This provides a second layer of security, making a password breach less damaging.
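What makes that second PIN a real second layer is how the service handles it: it must expire, work once, and stop accepting guesses after a few failures. This added example (not from the original article, and not any particular provider’s implementation) shows the verifying side; the five-minute lifetime, the three-attempt limit, and the in-memory store are assumptions.

```python
"""Added example (not from the original article): the verifying side of the
one-time PIN the article describes. The PIN is remembered only as a hash,
expires, is single use, and is discarded after a few wrong guesses.
Lifetime, attempt limit and the in-memory store are assumptions."""
import hashlib
import hmac
import secrets
import time

PIN_TTL = 300      # seconds a PIN stays valid (assumed)
MAX_ATTEMPTS = 3   # wrong guesses allowed before a new PIN is required (assumed)
_pending = {}      # account -> (pin_hash, expires_at, attempts_left)

def _digest(pin):
    return hashlib.sha256(pin.encode()).digest()

def issue_pin(account, now=None):
    """Create a random 6-digit PIN, store its hash, return the PIN for delivery."""
    now = time.time() if now is None else now
    pin = f"{secrets.randbelow(10**6):06d}"
    _pending[account] = (_digest(pin), now + PIN_TTL, MAX_ATTEMPTS)
    return pin  # a real deployment sends this to the phone/email, not the caller

def verify_pin(account, guess, now=None):
    """Return True only for the correct, unexpired PIN; each wrong guess
    consumes an attempt. The hash only guards casual exposure of the store;
    the attempt limit is what defeats guessing through a 6-digit space."""
    now = time.time() if now is None else now
    entry = _pending.get(account)
    if entry is None:
        return False
    pin_hash, expires_at, attempts_left = entry
    if now > expires_at:
        del _pending[account]
        return False
    if hmac.compare_digest(pin_hash, _digest(guess)):
        del _pending[account]  # single use
        return True
    attempts_left -= 1
    if attempts_left <= 0:
        del _pending[account]  # locked out: the user must request a fresh PIN
    else:
        _pending[account] = (pin_hash, expires_at, attempts_left)
    return False
```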

Malware Best Practices

Regular scans and robust PC health help reduce the chances of keyloggers remaining on your PC. Being careful and sensible about what sites you visit and what documents you open also helps keep you safe from ransomware attacks and extortion attempts. So does maintaining regular backups, so you are never left pleading with cybercriminals for critical data you can’t restore or roll back.

Keeping robust password security is critical in today’s digital world. With these tips, you can keep your data private and make yourself less vulnerable to cyberattacks and data loss.