Guidelines for Username and Password Risk Management

Hackers often bypass some of the best security technologies by exploiting one of the oldest tricks in the book: your password.  Not only will attackers quickly gain access to whatever you have access to, but audits and security monitoring will show that you accessed the documents, not the attacker, so you will be the one to account for inappropriate use of company resources or access of data.  So what can you do to prevent this?

First, don’t share your password with anyone.  Not your co-workers, secretary, spouse, or even your dog.  Your password should be for your eyes only.  Also, avoid group or departmental accounts that are shared among several people.  Have system administrators create an individual account for each person that accesses a system.  Next, change your password often and follow these guidelines to create a secure password:

  • Use a combination of upper-case and lower-case letters, numbers, and special characters such as ! @ # $ % * ( ) – + = , < > : : “ ‘
  • Make your password long enough: between 8 and 20 characters is recommended.
  • To help you easily remember your password, consider using a phrase or song to go with the acronym.
  • You can also make the entire phrase your password.  I like to choose something funny and weird that would not be easily guessed, like “Yeah, testing for my star riding license,” which would look like this as a password: “Yeah!Testing4My*RidingLicense”
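
As an added example (not part of the original article), the guidelines above can be written as a check that reports which ones a candidate password misses. The function name and constants are hypothetical; 8 is treated as the minimum and 20 is not enforced as a cap, because the article's own passphrase example is 29 characters long.

```python
import string

# Special characters from the guideline list above. The typographic dash and
# quotes are normalised to their ASCII forms (assumption of this example).
SPECIALS = set("!@#$%*()-+=,<>:\"'")
MIN_LEN = 8            # lower bound of the recommended range
RECOMMENDED_MAX = 20   # upper end of the recommended range; reported, not enforced


def unmet_guidelines(password):
    """Return the guidelines a candidate password does not meet (empty list = all met)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    classes = {
        "upper-case letter": any(c in string.ascii_uppercase for c in password),
        "lower-case letter": any(c in string.ascii_lowercase for c in password),
        "number": any(c in string.digits for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    return problems


def is_full_phrase(password):
    """True when the password is longer than the recommended range, as a whole-phrase password is."""
    return len(password) > RECOMMENDED_MAX


if __name__ == "__main__":
    # Constructed candidates, plus the passphrase example from the article.
    for candidate in ["password", "Ab1!", "Yeah!Testing4My*RidingLicense"]:
        issues = unmet_guidelines(candidate)
        label = "full phrase" if is_full_phrase(candidate) else "short form"
        print(f"{candidate!r} ({label}): {'ok' if not issues else '; '.join(issues)}")
```
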

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.


  1. Your suggestions were very helpful. I have always had a difficult time remembering passwords and creating good passwords so I did not have a very secure one and I used the same password for all accounts. I tried your method and I am now using several complex passwords and I remember them all.
