
How to Create a Strong Password

June 09, 2025

Why Strong Passwords Still Matter and What's Next for Identity Protection

Did you know that the average number of passwords per person in the workplace is 87? Eighty-seven! Not only is that a lot of account credentials to remember, but it's also potentially a lot of open doors for hackers to take advantage of. After all, according to Verizon's 2025 Data Breach Investigations Report, credential abuse is still the most common vector for initial exploit access… a 34% increase from the prior year's report.

Passwords aren't the end-all, be-all... and they're not your only line of defense. Cybersecurity experts at the National Institute of Standards & Technology (NIST) actually encourage you to avoid relying on passwords whenever possible. Knowing that passwords aren't going away tomorrow, let's learn about some ways to create strong passwords, stay secure, and prepare for the future of identity protection.

Five Tips for Safer Access and Credential Management

1. Use a Long Passphrase Instead of a Password

NIST now recommends passphrases of 15 characters or more. That doesn't mean adding random symbols—it means stringing together several unrelated words, which are easier to remember and exponentially harder to crack. For example: "RiverCalendarGlassStudio91!" - it's over 15 characters, memorable, and random enough to be hard to guess.

When creating your passphrase, avoid common words, patterns or tricks. 42% of people who have been hacked have passwords that use a combination of letters and numbers with personal significance… making them easier to guess! (Forbes Advisor)

Fun fact: did you know that a one-character password made from lowercase letters can be cracked in 26 tries? A 15-character passphrase, however, could take a computer over 500 years to brute-force at 100 billion guesses per second.

The ET&T team can recommend online random passphrase generators - reach out and we can help!
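The arithmetic behind those figures, as an added Python example that is not ET&T's own code: it reproduces the 26-try and 500-year numbers, then applies the same math to word-based passphrases, where strength depends on how many words are drawn at random and how large the word list is. The 16-word sample list is constructed, and the 7,776-word list size (that of the Diceware list) is an assumption used for comparison.

```python
import secrets

GUESSES_PER_SECOND = 100_000_000_000  # the article's figure: 100 billion per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample so the block runs offline. It is far too small for
# real use; a real generator draws from a list of thousands of words.
SAMPLE_WORDS = [
    "river", "calendar", "glass", "studio", "anchor", "pepper", "violin", "meadow",
    "copper", "lantern", "harbor", "walnut", "saddle", "comet", "tunnel", "orchid",
]

def keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions has `symbols` equally likely options."""
    return symbols ** length

def years_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return space / rate / SECONDS_PER_YEAR

def words_needed(list_size: int, target_years: float) -> int:
    """Fewest randomly chosen words whose keyspace outlasts `target_years`."""
    count = 1
    while years_to_exhaust(keyspace(list_size, count)) <= target_years:
        count += 1
    return count

def generate_passphrase(words: list[str], count: int, min_chars: int = 15) -> str:
    """Join `count` words, each picked independently with the OS CSPRNG."""
    if count * min(len(w) for w in words) < min_chars:
        raise ValueError("this word count cannot guarantee the minimum length")
    return "".join(secrets.choice(words).capitalize() for _ in range(count))

if __name__ == "__main__":
    # Character-level view: the article's two data points.
    print("1 lowercase letter :", keyspace(26, 1), "tries")
    print("15 lowercase letters: %.0f years" % years_to_exhaust(keyspace(26, 15)))
    # Word-level view: an attacker who knows the list guesses whole words.
    for n in (4, 5, 6):
        print(n, "words from 7,776: %.4g years" % years_to_exhaust(keyspace(7776, n)))
    print("words needed for 500 years:", words_needed(7776, 500))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
```

At the article's guessing rate, four random words from a 7,776-word list fall in under a day, while six hold for tens of thousands of years, so count randomly chosen words rather than characters.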

2. Use a Passkey

Passkeys are a new way to prove your identity online by storing a private digital key on a device you already carry around, like your phone. Using a biometric sensor (such as a fingerprint or facial recognition), a PIN, or a pattern, users can log in to apps and websites without having to remember and manage passwords.

You may already be using passkeys on your iPhone, as they've been widely adopted across Google, Apple and Microsoft. If you've ever been prompted to automatically "Use Face ID to Sign in," you're creating a passkey that's being saved to your iCloud Keychain. In this way, you're creating uniquely generated credentials for every account on your device, which are less vulnerable to phishing.

3. Activate Multi-Factor Authentication (MFA)

MFA provides an extra layer of security that can help protect your account even if your password has been compromised. You probably already use this if you've ever been prompted to accept a "Push Notification" or input a code to verify your sign-in using tools like Microsoft Authenticator, DUO, or even text messages. When using multi-factor authentication, even if a hacker has your username and password, it's much harder for attackers to access the second device or verification tool needed to log in.

4. Password Managers

You don't need to remember 250 unique logins. Let a trusted password manager handle it. These tools store your credentials securely and can even generate strong passwords for each new account. Just make sure your master password (the one that unlocks your vault) is long, strong, and unique. That's your single point of control.

5. Smarter Password Policies - Not Stricter Ones

Old-school policies like requiring symbols, changing passwords every 30 days, or limiting pastes do more harm than good. According to both NIST and Huntress, these rules push users toward shortcuts—like reusing passwords or writing them down.

Since passwords are ultimately susceptible to compromise, it may make sense to change them when required. If you think your account has been compromised, if a password has been shared, when members of your team come and go, or when privileged access requirements change, the ET&T team may recommend a reset. Routine resets, however, tend to just lead to weaker passwords and user frustration.

Final Word: Your Passwords Protect More Than Just Logins

They protect your client data, financial systems, intellectual property—and your reputation.

Strong passwords, passphrases, and passkeys, backed by MFA and smart policies, are the foundation of a resilient cybersecurity plan. Whether you're running a CPA firm, a local municipality, or a law office, secure credentials are just as critical as any firewall or antivirus software.

If you'd like help educating your team or reviewing your firm's password practices, ET&T is here to help translate the tech into plain English—and set you up for safer, smarter operations.

Ready to evaluate your business's password policies?
Click Here or call us at 610-433-1000 to schedule a FREE Consult and let's safeguard your operations against any disaster.
