Pagoda Blog

6 Password Best Practices to Implement Right Now

July 7, 2022

“The password you entered is incorrect. Try again.” 


“Error. Your username or password is incorrect.”


“Sign in failed. Bad username/password combo.” 


“Sorry we can’t find an account with that email address. Please try again or create a new account.” 


Do you want to throw something at your laptop screen yet? It’s maddening when you forget your password which is why so many users simply use the same, simple password across multiple accounts. This type of behavior, however, puts you at major risk of a data breach. In fact, poor or reused passwords were responsible for 80% of data breaches according to the 2021 Verizon Data Breach Report. 


According to Jason Lucero, MSP channel manager for LastPass by LogMeIn, 66% of people use the same passwords for their accounts and if their passwords are poor, then they’re that much more at risk of being hacked. 


Password management is still foundational to your business’s cybersecurity, but it’s all too common to leave this critical line of defense to the whims of each individual employee. Fortunately, implementing password best practices (and cultivating a culture of cybersecurity) across your organization can significantly reduce the threat of a data breach. 


Here are 6 password best practices recommended by the National Institute of Standards and Technology (NIST) and by our team of cybersecurity experts here at Pagoda Technologies:  


1. Require strong passwords

Set a minimum password length and require a combination of special symbols, letters, and numbers. It’s also advisable to create a list of forbidden phrases, such as date of birth, address, child’s name, and mother’s maiden name. A password management service can help you implement a strong password requirement across accounts. 


2. Don’t reuse passwords

You should never reuse passwords. Every account should have a completely unique password, and just changing a symbol or number or adding a new character doesn’t cut it. This is why we recommend using a password management service to auto generate unique, complex passwords. 


3. Don’t mandate regular password changes

The old practice of requiring users to regularly reset their passwords often leads to simpler, weaker passwords — and can also lead to the practice of reusing passwords across multiple accounts. If you still want to mandate password changes, however, use a password management service like Passportal that automatically generates strong passwords. 


4. Enable multi-factor authentication 

Multi-factor or two-factor authentication adds another layer of security to your account credentials. With MFA or 2FA, a user must first enter their username and password and an additional piece of identifying information before gaining entry. This additional piece of information could be a one-time use code sent either to their mobile phone or email, a physical token, or a form of bio authentication like a fingerprint or facial recognition.  


5. Limit password attempts 

Limiting the number of times a user can attempt to enter their password can prevent brute force attacks. A good standard is to allow users a maximum of 4 attempts before locking them out of the account. 


6. Use long, memorable passphrases 

Long, memorable passphrases can provide sufficient security for your accounts, but only if you follow best password practices when creating them. A passphrase should be memorable only to you. Think in terms of unexpected combinations of words that only have meaning to you because of your personal experiences. 


We recommend using a password management service like N-able’s Passportal that automatically generates complex, highly secure passwords for all your accounts. Use a passphrase for your password to the password management service. It’s especially important to use something memorable for this account so you’re not tempted to store this password in a Google spreadsheet, a physical planner, your email, the notes on your phone, or anywhere else that could be compromised and lead someone to gain access to the credentials for all your accounts. 


Our number 1 password security tip: Use a password management service

All of the tips above can be easily and effectively implemented across your entire organization through a password management service. These services securely store and organize your login credentials, give you the ability to securely share passwords, control access by department or individuals, and give you the ability to auto generate strong, unique passwords for all your accounts. See why we use Passportal for our clients. 


Feature photo by TheStandingDesk on Unsplash


Related reading: 

Are Passwords Strengthening or Compromising Your Cybersecurity? The Pros and Cons of Passwordless Authentication 

5 Ways a Data Breach Can Cause Long-Term Damage to Your Business

Why the Most Successful Businesses Have a Cybersecurity Mindset


Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing



Want IT to serve you better?




About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at to schedule a complimentary IT consultation.

Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060


Contact us for a free IT consultation



Get in touch 

Join our newsletter

Want IT to serve you better? 




Follow Us

Facebook LinkedIn LinkedIn