Build Better Passwords for Online Security this “Change Your Password Day”


What do your bank, social media, and email accounts share? A password! Passwords are one of the most critical lines of defence against cyber attacks. They help ensure our data is only accessed by authorised users, even in the event of device theft or loss. Many people choose passwords found in the dictionary and reuse them across multiple accounts, meaning that once a cybercriminal has access to one account, they have them all. In this article, you will learn CIRT-BS techniques for creating strong passwords and about password tools that you can leverage for additional security.


Creation Techniques

We often hear that using common words or the names of pets and relatives as passwords is generally not a good idea, and this is true. We avoid using the names of our loved ones because they can be easy to crack, especially if we share identifying information about our relatives with others or connect with them on social media. Instead, consider using the first letters of a phrase or sentence. For example, the sentence "I am really looking forward to vacation this summer" can become the password "iARlf2vt$" when we replace some letters with numbers and special characters and use capitalisation. Find a sentence, phrase, or song lyric you can remember and consider using its first letters as your password, with a few twists.


Single Sign-on

Single sign-on is a convenient feature, but it is actually a wolf in sheep’s clothing. When you choose the option to sign in to a service with your social media or email account, you become susceptible to social network security breaches. If a cybercriminal gains access to your Facebook password and you use Facebook to sign in to another web service, the criminal also has access to that additional account.


Password Managers

We often hear, “How do you expect us to remember all of these unique passwords?” The short answer is: we don’t! With all of the accounts we use daily, it would be nearly impossible to recall each password. Password managers make this easier by storing all of our passwords securely. Many of these managers are also equipped with features that will generate solid passwords for you and notify you if and when your password is part of a breach. Reputable password managers include LastPass, Keeper, and 1Password.

For additional peace of mind, remember a word or number, stored independently of the manager, to tack onto each password.


Multi-factor Authentication

Even when we use various tips and tricks to create passwords, hackers can use technology to crack them. This is why CIRT-BS recommends using multi-factor authentication (MFA) to verify attempted logins. Often free, MFA apps force you to authenticate any login attempts by sending you a push notification with a button to approve or deny each attempt. Not only does this make you aware of potential threats in real time, but even if someone does crack your password, you can block the login process immediately.


Initially, MFA may feel like a chore, but the habit becomes second nature over time. Our analysts recommend various MFA applications, including Google Authenticator, Microsoft Authenticator, and Duo Mobile.


Stay Vigilant

It is important to be cautious about who you share your passwords with and where you share them. Remember that credible services only request passwords on their proprietary website or app. If a request for your password arrives anywhere else, it is likely illegitimate: you are presumably the subject of a phishing attack and should delete and report the message accordingly. If a service asks for your password, we recommend that you instead log in to the application itself to check for important notifications or messages and take action there.


Change Your Password Annually

To counter evolving threats to password security, change your password on an annual basis. “Change Your Password Day,” on 1 February of each year, is an excellent opportunity for updating your passwords. Mark the date in your calendar so that you always remember.



Cybersecurity is everyone’s business, and password security is a crucial aspect of this. If you take anything away from this article, it should be to create passwords that take work to guess! Always remember the basic rule of thumb to create a password that is eight or more characters in length and a mix of uppercase and lowercase letters sprinkled with numbers and special characters, including the asterisk (*), dollar sign ($), and ampersand (&). When you can, use a multi-factor authentication service and a password manager. A little bit of extra effort can go a long way in helping to keep your online data secure.
