Password management is a set of principles and best practices for creating and managing passwords and/or passphrases so that unauthorized people cannot access your accounts.
Passwords are the first line of defense in cybersecurity. Poor password habits are one of the most common causes of breaches, account takeovers, and identity theft.
🎯 Learning Objectives
- Why passwords are targeted by attackers
- What makes a strong password
- Common password mistakes
- Best practices for managing passwords securely
- When and how to use password managers
1️⃣ Why Password Management Matters
Attackers don’t usually “hack” accounts — they log in using:
- Stolen passwords
- Reused passwords
- Weak or guessable passwords
🔓 What Attackers Exploit
- Short passwords
- Password reuse across multiple sites
- Predictable patterns (e.g., Summer2025!)
- Credentials leaked in data breaches
🚨 Real-World Impacts
- Email account compromise
- Bank and crypto theft
- Social media takeovers
- Corporate/Enterprise network breaches
2️⃣ What Makes a Strong Password?
A strong password is long, unique, and unpredictable. In practice that means building in both strength and complexity, whether you use a password or a passphrase.
✅ Strong Password Characteristics
STRENGTH
The recommendations for creating a strong password are to include:
• Lower case characters
• Upper case characters
• Numbers
• At least one special character
• 12 characters or longer
• No personal information
• Not reused anywhere else
COMPLEXITY
To further strengthen a password, LEETING is recommended. When you leet a word, you exchange letters for symbols and/or numbers. For example, the word “Password” becomes “P@$$w0rd” by exchanging the ‘a’ with ‘@’, the ‘s’ with ‘$’, the ‘o’ with the number ‘0’, et cetera.
PASSPHRASE
So a long, strong, leeted password is recommended, but who can remember a password like ‘m-8HP{E3<.&+J8qS,,T4aJUD’? Using a passphrase instead meets all the requirements for strength and complexity, and it is also much easier to remember.
‘Garfield99’ is not a secure password at all, even if you leet it to ‘G@rf!3ld99’, so use a passphrase such as ‘MyFatCatisOrange!’ instead. Leeting that to ‘MyF@tC@t!$0r@ng3!’ makes it very secure and still extremely easy to remember.
3️⃣ Common Password Threats (Beginner Level)
🔍 Brute Force Attacks
Trying many password combinations until one works.
🎣 Phishing Attacks
Tricking users into entering passwords on fake websites or emails.
🧾 Credential Stuffing
Using leaked passwords from one site to access other sites.
🧠 Social Engineering
Guessing passwords based on personal information:
- Birthdays
- Pet names
- Favorite sports teams
❌ Weak Password Examples
- password123
- Welcome1
- John1989
- CompanyName!
✅ Strong Password Examples
- Blue$River!92Cloud
- 7*Lamp-Quiet_Forest
- F!shBowl^Cactus88
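As an added example (not part of the original page), here is a small Python checker that applies this section's checklist to the weak and strong examples listed above. It also undoes the leet substitutions shown on this page before looking for a common base word, so a leeted dictionary word such as ‘G@rf!3ld99’ is still flagged; the list of weak base words is a constructed sample.

```python
import re

# Minimum length from the "Strong Password Characteristics" checklist above.
MIN_LENGTH = 12

# Reverse the leet substitutions shown on this page (@->a, $->s, 0->o, !->i, 3->e)
# so a leeted word is judged by its base word, as the Garfield99 example warns.
UNLEET = str.maketrans("@$0!3", "asoie")

# Constructed sample of weak base words; a real check would use a breached-password list.
WEAK_BASE_WORDS = {"password", "welcome", "garfield", "companyname", "summer", "qwerty"}


def base_word(password: str) -> str:
    """Undo leet substitutions and strip digits/punctuation, e.g. 'G@rf!3ld99' -> 'garfield'."""
    return re.sub(r"[^a-z]", "", password.translate(UNLEET).lower())


def check_password(password: str) -> list[str]:
    """Return the checklist rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        failures.append("no lower case character")
    if not re.search(r"[A-Z]", password):
        failures.append("no upper case character")
    if not re.search(r"[0-9]", password):
        failures.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special character")
    stem = base_word(password)
    if any(word in stem for word in WEAK_BASE_WORDS):
        failures.append("built on a common word, even after leeting")
    return failures


def is_strong(password: str) -> bool:
    return not check_password(password)


if __name__ == "__main__":
    # The weak and strong examples from this section, plus the leeted ones from section 2.
    for pw in ["password123", "Welcome1", "John1989", "CompanyName!", "G@rf!3ld99",
               "Blue$River!92Cloud", "7*Lamp-Quiet_Forest", "F!shBowl^Cactus88",
               "MyF@tC@t!$0r@ng3!"]:
        verdict = check_password(pw)
        print(f"{pw:22} {'STRONG' if not verdict else 'WEAK: ' + ', '.join(verdict)}")
```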
TRY A PASSWORD STRENGTH TESTER:
- Password Monster
- BitWarden
- Password Tester
4️⃣ The #1 Rule: Never Reuse Passwords
Password reuse is the biggest mistake beginners make.
If one website is breached and you reused that password:
➡️ Attackers can access multiple accounts.
🔐 Best Practice
- One password per account
- Especially critical for:
  - Banking
  - Work accounts
  - Cloud services
TIPS
Do not use any personal information that can be directly linked to you, such as:
• Family members and/or pet names
• School and/or work names
• Important dates such as birthdays & anniversaries
• Addresses or location information
Also:
• Try to use a more memorable passphrase instead of a password
• Try not to use the same passphrase for multiple accounts
5️⃣ Password Managers (Beginner Essential)
You are not expected to memorize dozens of passwords. You can store them in an application such as LastPass or KeePass, or on a physical hardware authentication device such as a YubiKey.
🔑 What Is a Password Manager?
A Password Manager:
- Stores passwords securely
- Generates strong passwords
- Auto-fills logins
- Encrypts your password vault
🛠️ Benefits
✔ No reuse
✔ Strong passwords everywhere
✔ Faster logins
✔ Reduced phishing risk
🔐 Master Password Rule
- Create one very strong master password
- NEVER share it
- NEVER reuse it anywhere else
6️⃣ Password Do’s and Don’ts
✅ DO
✔ Use a password manager
✔ Use long, unique passwords
✔ Enable MFA
✔ Change passwords after a breach
✔ Lock your devices
❌ DON’T
✖ Reuse passwords
✖ Share passwords via email or chat
✖ Write passwords on sticky notes
✖ Store passwords in plain text
✖ Click suspicious links
7️⃣ Password Changes & Breaches
🔁 When Should You Change Passwords?
- After a data breach
- If you suspect phishing
- If someone accessed your account
- If your password was reused elsewhere
🚫 You do NOT need to change passwords regularly unless there is a risk.