While you may not always have control over your password’s length requirements, you do have control over what that password actually is. With this in mind, never stick with default passwords that were generated when your account was first made, and try not to use any of the following all-too-common passwords or close approximations of them, per the research from Specops.
- Passwords that use “sym_ckill” as a base, such as “sym_ckillOb,” “sym_ckillOG,” “sym_ckillOT,” “sym_ckillO,” or just “Sym_ckill.”
- Avoid using “password” as your password. Adding a couple of extra letters or numbers at the end, like “passwordGG,” won’t help either.
- Avoid using strings of the same letter, for any password length. So no “GGGGGGGG,” “OOOOOOOOOO,” etc.
- Popular historical figures, pop culture figures and media are also not a good idea, so don’t use anything built on “cleopatra” or “minecraft.” Even slightly more obscure references like “hacktheplanet” (a popular phrase in ’95’s “Hackers”) are easily guessable.
- As mentioned previously, don’t use your account’s default password if you can avoid it. So anything like “Sym_newhireOEIE” or “Sym_newhireOAIE” needs to be changed to something else ASAP.
Above all else, it’s always recommended to create passwords that use a combination of letters and numbers, and not just a word or two with a number at the end. Mix and match, play with capital letters, and try not to pick something people would commonly associate with you (like a birthday, spouse’s name, etc.). And, of course, don’t share your passwords with anyone you can’t verify. And embrace 2FA.
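The patterns in the list and closing paragraph above can be written as a small screening function for a password-change form. This is an added example, not code from the article or from Specops; the function name, the `personal_terms` parameter and the non-matching sample password are assumptions, while the base terms are the ones quoted above.

```python
import re

# Base terms quoted in the list above; compared case-insensitively.
WEAK_BASES = ("sym_ckill", "sym_newhire", "password",
              "cleopatra", "minecraft", "hacktheplanet")


def weak_password_reasons(candidate, personal_terms=()):
    """Return the reasons a candidate matches the advice above.

    An empty list means none of these checks fired, not that the
    password is strong. personal_terms is a hypothetical parameter for
    values tied to the user (name, birthday, spouse's name).
    """
    reasons = []
    lowered = candidate.casefold()

    # A known base with letters or digits bolted on is still the base.
    for base in WEAK_BASES:
        if base in lowered:
            reasons.append(f"contains common base '{base}'")

    # One character repeated for the whole length, e.g. "GGGGGGGG".
    if candidate and len(set(lowered)) == 1:
        reasons.append("single repeated character")

    # Letters followed only by digits: a word with a number at the end.
    if re.fullmatch(r"[A-Za-z]+\d+", candidate):
        reasons.append("word followed by digits")

    # Anything people would associate with the account owner.
    for term in personal_terms:
        if term and term.casefold() in lowered:
            reasons.append(f"contains personal term '{term}'")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the first four come from the list above.
    samples = ["sym_ckillOG", "passwordGG", "OOOOOOOOOO",
               "Sym_newhireOEIE", "Minecraft2024", "t7Rk-wq9Lm_v3"]
    for pw in samples:
        hits = weak_password_reasons(pw, personal_terms=["alex"])
        print(pw, "->", hits or "no match")
```

A substring match on the base term is what catches the suffixed variants, which an exact-match denylist would miss.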