Password Security

A strong password is crucial to the security of both you and your company. So what makes a strong password?
Let’s take a look at this password and find out what its strengths and weaknesses are:

Pineapple$Dancing@Midnight

What makes this password strong?

  • Length: 26 characters — longer passwords are significantly harder to crack.

  • Mixed case: Uppercase and lowercase letters (P, D and M are uppercase; the rest are lowercase).

  • Special characters: $ and @ add complexity.

  • Uncommon combination: The phrase isn’t a typical dictionary phrase or reused password pattern.

What could make it weak?

  • If you’ve used this password somewhere public or if it’s tied to a common phrase you’ve posted, it could be at slight risk through social engineering.

Can it be an issue that it has English words?

It can be a slight weakness that the components are English words, but only if:

  1. The password is short

  2. The words form a common phrase (like LetMeIn123!)

This is not a big issue because:

  1. Length and character variety matter more than whether words are English.

  2. Pineapple$Dancing@Midnight is not a common phrase.

  3. Special characters ($, @) break up predictable patterns.

  4. It would take trillions of years to brute-force this with today's tech.

To be even safer (paranoia mode):

If you’re using the password for something sensitive, you can make it even stronger by adding a number or making one word less predictable (e.g., P1neapple$Dancing@Midn1ght).

If you want to reduce even the possibility of a smart dictionary attack, change one or two letters in unexpected ways:

  • Pine4pple$Danc1ng@Midnite


Getting a completely randomized password and a password manager to remember it for you is even more secure because:

  1. Random = no patterns
    Attackers can't guess it using dictionaries, common phrases, or social engineering.

  2. Long + complex = brute-force resistant
    A 20+ character random password like u8@kT7&vLzQ1m#eF2pNw is extremely hard to crack.

  3. Password managers eliminate human error
    You don’t have to remember or reuse anything.
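The reasoning in points 1 and 2 can be put in numbers. The following is an added example, not part of the original page: it generates a random password with Python's secrets module and compares the search space an attacker faces when guessing character by character with the one faced when guessing whole words. The function names, the 7,776-word list size, the 32 separator symbols and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Printable ASCII symbols a generator can draw from: 52 letters, 10 digits, 32 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG (no patterns)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def charset_bits(length, alphabet_size=len(ALPHABET)):
    """Search space in bits for an attacker guessing character by character."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words, wordlist_size, separators, separator_choices):
    """Search space in bits for an attacker guessing whole words and separators.
    Only meaningful if every word and separator was picked at random."""
    return words * math.log2(wordlist_size) + separators * math.log2(separator_choices)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e12  # assumed offline guess rate, not a measurement
    cases = {
        "26 chars, character-by-character": charset_bits(26),
        "20 random chars (password manager)": charset_bits(20),
        # Assumed model: 3 words from a 7,776-word list, 2 separators from 32 symbols.
        "3 words + 2 symbols, word-aware guessing": passphrase_bits(3, 7776, 2, 32),
    }
    for label, bits in cases.items():
        years = years_to_exhaust(bits, RATE)
        print(f"{label:42s} {bits:6.1f} bits  {years:.3g} years")
    print("sample:", generate_password())
```

The first and third rows describe the same shape of password under two different guessing strategies, which is why a manager-generated password, with no words to guess, keeps its full strength.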

Should you do this for everything?

YES for:

  • Banking

  • Email

  • Cloud storage

OK to use a memorable strong passphrase for:

  • Low-risk logins (e.g., hobby forums)

  • Accounts you use frequently and need to type manually

Best practice:

  • Use a password manager
    We provide PasswordBoss, a secure, business-grade password manager powered by CyberFox. It helps you create and store strong, unique passwords for every account — so your team doesn’t have to remember or reuse anything. We manage setup, security policies, and onboarding for you.

  • Generate unique, random passwords for each site.

  • Only memorize your password manager’s master password.
