Helping Employees Pick Secure and Memorable Passwords

Posted by Bill Rybinski

A secure password can make or break a company; a single employee with a weak password can put your company's confidential and sensitive data at risk. By coaching employees on how to choose passwords that are tough to crack, you can increase security across the company network.

As many technology professionals know, employees favor passwords that are simple and easy to remember. Left unsupervised, they may use easy-to-guess options such as "password" or "123456." According to a recent Verizon study, weak passwords were listed as one of the top causes of data breaches. They make it easier to break into your office network, giving hackers or corporate spies access to valuable business and customer data. By implementing and enforcing password guidelines, you make it easier for each employee to choose a secure password.

Basic Security Guidelines

For technology professionals, the first step in password security is often to publish a set of guidelines. The guidelines should cover the basic ways to ensure a secure password; if possible, make them part of your company's security policy. Advise employees to use longer passwords whenever possible. Each password should contain a mix of capital and lowercase letters, numbers and special characters. It should not include words or numbers that are easy to find out, like last names or birth years. The policy should coordinate with your system's password restrictions; some systems do not allow special characters, for example.

Choosing Memorable Passwords

Often, the problem with a secure password is that it is difficult to remember. To help employees choose memorable options, advise them to pick a simple phrase like "so long and thanks for all the memories." Take the first letter of each word to create a basic string of letters: "slatfatm." Then, translate a few of the letters into characters or numbers to create a password like "5L@t4@tm."
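The guidelines under "Basic Security Guidelines" can be enforced when a password is set. The following is an added example, not code from the original article: the function name, the 8-character default minimum, the look-alike substitution table and the sample personal details ("Smith", "1985") are all assumptions made for illustration.

```python
import re

# Assumptions (not from the article): the default minimum length and the LEET table.
MIN_LENGTH = 8
COMMON = {"password", "123456"}  # the two easy-to-guess examples the article names
# Undo common look-alike substitutions so "Sm1th" still matches "smith".
LEET = str.maketrans("0134578@$!", "oieastbasi")

def check_password(password, personal_terms=(), min_length=MIN_LENGTH, allow_special=True):
    """Return a list of guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "lowercase letter": r"[a-z]",
        "capital letter": r"[A-Z]",
        "number": r"[0-9]",
    }
    special = re.search(r"[^A-Za-z0-9]", password)
    if allow_special:
        classes["special character"] = r"[^A-Za-z0-9]"
    elif special:
        # Keep the policy aligned with systems that reject special characters.
        problems.append("special characters not accepted by this system")
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if lowered in COMMON or normalized in COMMON:
        problems.append("commonly used password")
    # Personal details: check the raw form (catches years) and the normalized form.
    for term in personal_terms:
        t = term.lower()
        if t and (t in lowered or t in normalized):
            problems.append(f"contains personal detail: {term}")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; "5L@t4@tm" is the article's own example password.
    for pw in ("5L@t4@tm", "password", "P@ssw0rd", "Sm1th!1985x"):
        print(pw, "->", check_password(pw, ["Smith", "1985"]) or "ok")
```
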

Different Passwords

One of the most common security mistakes employees make is using the same two or three passwords for every system. A truly secure password is unique; it is not used anywhere else on the Internet. If an employee uses the same password for his personal email and professional network access, a hacker has a faster, easier way in. Although you cannot police all of your employees' passwords, you can stress to them the importance of choosing a one-of-a-kind phrase. If possible, make it a requirement of your company's security policy. When an employee knows that he could be held liable for the consequences of a data breach, he may be more likely to choose unique passwords.

Ensuring a secure password for each employee is often an uphill battle. By making security resources easily available and requiring strong passwords, however, you can protect data and prevent disastrous hacking events.

