Your First Line of Defence: Tips for Smarter, Safer Passwords
In today’s article, we’re looking at the simplest (but most powerful) tool in your cybersecurity belt: password management.
Cyberattacks are on the rise (Mclean, 2023) regardless of industry (Check Point Research, 2025), with weak/stolen passwords being one of the leading causes of data breaches (Coggins, 2019).
Thankfully, you aren’t alone, and there are plenty of ways to protect your members, data, and staff with a few practical password management strategies. Let’s dive in!
Our Top Tips for Secure Password Management
1. Use a Password Manager
Storing passwords in spreadsheets or sticky notes is a thing of the past.
Instead, look to password manager programs (like KeePass or 1Password), which generate and store strong, unique passwords for every account. This way, you can keep your passwords safe and accessible (but only to you!).
If your organization isn’t already using one, now’s the time to start!
2. Create Strong, Unique Passwords
A strong password should be at least 12 characters long and include a mix of upper- and lower-case letters, numbers, and symbols.
Be sure to avoid:
- Dictionary words
- Personal details
- Common patterns
Even worse, the most common passwords are still “123456” and “password” (Perez, 2025)! Under no circumstances should you use passwords like these, whether you’re at work or at home.
Now, if you’re having trouble coming up with a good, unique password, that’s understandable. Thankfully, many password managers (see above) can generate new, secure passwords for you.
3. DO NOT Reuse Passwords Across Platforms
In a study of breached passwords, of the 19 billion cases examined, 94% of the stolen passwords had been recycled across various platforms (Perez, 2025). Yikes!
If a site becomes compromised, any reused passwords will put all accounts at risk. Every system you access—especially those that handle member data or continuing education (CE) records—requires its own unique password.
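For readers comfortable with a little scripting, the rules from tips 2 and 3 can be checked automatically. The Python sketch below is an added example, not part of the original article; the function names, the short common-password list, and the sample accounts are all constructed for illustration.

```python
import string
from collections import defaultdict

# Constructed sample list; a real audit would load a much larger list of known-common passwords.
COMMON = {"123456", "password", "qwerty", "letmein"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")

def has_common_pattern(pw, run=4):
    """True if pw contains `run` repeated characters or a forward/backward keyboard or alphabet run."""
    low = pw.lower()
    chunks = (low[i:i + run] for i in range(len(low) - run + 1))
    return any(len(set(c)) == 1 or any(c in s or c in s[::-1] for s in SEQUENCES)
               for c in chunks)

def check_password(pw, personal=()):
    """Return the list of tip-2 rules this password breaks (empty list means it passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in pw),
        "lower-case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    problems += [f"no {name}" for name, ok in classes.items() if not ok]
    if pw.lower() in COMMON:
        problems.append("common password")
    if has_common_pattern(pw):
        problems.append("common pattern")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal detail")
    return problems

def audit(accounts, personal=()):
    """accounts maps account name -> password. Returns (problems per account, groups sharing a password)."""
    by_pw = defaultdict(list)
    for name, pw in accounts.items():
        by_pw[pw].append(name)
    reused = [sorted(names) for names in by_pw.values() if len(names) > 1]
    return {n: check_password(pw, personal) for n, pw in accounts.items()}, reused

# Constructed sample data, not real credentials.
SAMPLE = {
    "member-db": "Summer2024!",
    "ce-records": "Summer2024!",
    "email": "123456",
    "payroll": "v7#Lq!Rz2@mWx9",
}
```

Calling `audit(SAMPLE)` flags the 11-character password shared by `member-db` and `ce-records` as both too short and reused, flags `123456` on several counts, and passes the `payroll` password.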
4. Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA)
Wherever possible, turn on MFA/2FA. This setup adds a second step to logging in (such as a texted/emailed code or specialized authentication app), which can help you block most attacks—even if your password is stolen.
Google Authenticator is a nice, easy option that you can find on the Google Play Store or iPhone App Store.
5. Stay Alert to Phishing
No matter how strong your password is, it’ll still be vulnerable if you enter it into a fake site. Always double-check URLs, and never click links in suspicious emails.
And, because phishing emails are becoming more convincing, it’s best to create a specific password-sharing process for when you need to distribute passwords amongst staff.
Ensure passwords are never sent through email or regular chat; instead, look into safe password sharing tools like 1Password’s “Password Share” feature or OneTimeSecret, which creates a one-time link that self-destructs after opening.
6. Regularly Update Passwords
Set reminders to update passwords for critical systems every 6 to 12 months. However, if you suspect a breach, update your passwords immediately—don’t hesitate!
It’s always better to be safe than sorry, and a little inconvenience is a small price to pay for keeping your organization secure.
Bonus Resources
If this article has made you feel increasingly nervous, firstly—sorry!
Secondly, there are plenty of resources out there to double-check your security and maintain your peace of mind.
You can try:
- Testing the strength of your passwords with How Secure Is My Password?
- Checking for data breaches with Have I Been Pwned?
Stay cybersafe, everyone!
References
Mclean, M. (2023, August 9). 2021 Must-Know Cyber Attack Statistics and Trends – Embroker. Embroker. https://www.embroker.com/blog/cyber-attack-statistics/
Check Point Research. (2025, April 16). Q1 2025 Global Cyber Attack Report from Check Point Software: An Almost 50% Surge in Cyber Threats Worldwi … Check Point Blog; Check Point Software. https://blog.checkpoint.com/research/q1-2025-global-cyber-attack-report-from-check-point-software-an-almost-50-surge-in-cyber-threats-worldwide-with-a-rise-of-126-in-ransomware-attacks/
Coggins, J. (2019, November 18). Six Common Causes of Data Breaches. Lepide Blog: A Guide to IT Security, Compliance and IT Operations. https://www.lepide.com/blog/six-common-causes-of-data-breaches/
Perez, M. (2025, November 11). Password Follies Persist: “123456” Tops 2025’s Most Hacked Lists Amid Rising Cyber Threats. WebProNews. https://www.webpronews.com/password-follies-persist-123456-tops-2025s-most-hacked-lists-amid-rising-cyber-threats/



