by John Bandler

Here is a quick definition of the term and explanation of cybersecurity best practices.

Password definition in sum

A password is a combination of characters (letters, numbers, symbols) to gain access to an information system (computer device, online account).

A password is frequently used as a type of authentication.

Password best practices in sum

Cybercriminals have been stealing and guessing passwords for a long time. The challenge is having passwords that we can remember and use, but that are hard for criminals (and their software programs) to guess.

Here are some general principles for passwords

  • Passwords should be strong and unique
  • The strength should be commensurate with risk (e.g., cloud based or device, type of cloud account, type of device).
  • Strong means it is hard to guess, has complexity, has length
  • Longer is usually better
  • Unique means passwords are not reused across accounts or devices
    • Though it weakens your passwords, you could have a password "base" which is reused across many passwords, and then you add on to the front or end (or both) with unique characters
  • Don't reuse passwords across important cloud accounts
  • Don't share passwords
  • Change passwords periodically
    • Not too frequently, not too infrequently
    • Though it weakens your passwords, you could change them by adding a character on to them, reducing brain stress
  • Cloud (online) accounts are accessible to anyone with Internet access. They should have strong passwords.
  • Important accounts should have stronger passwords
  • Computer devices are accessible only to anyone who possesses them. They might not need as strong a password as a cloud account.
    • Reusing passwords across devices might be an acceptable risk
    • If your computer device unlocks with your cloud password, then that cloud password needs to be strong and unique
  • Passwords are a compromise of security (confidentiality) and access (availability)
  • Don't create such password complexity and confusion that you lock yourself out
  • Passwords represent "something you know", one of the three factors of authentication
  • Passwords alone are often insufficient to secure cloud accounts. Consider employing two-factor authentication

Related terms

This is a key term definition article

I have decided to experiment by creating short webpages to provide definitions and best practices for certain key terms. This is one of those webpages.

These are terms that I have explained or defined dozens or even hundreds of times in my life, either through conversation or in writing. After explaining the term I try to explain best practices relating to those terms. These are terms or guidance that may appear in my cybersecurity policies.


This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

This is to inform. You need to assess your own risks and decide. You assume all risk for cybersecurity decisions you make. This is a work in progress. This is a limited amount of words so cannot exhaustively cover all areas.

I may explain nuances further in other articles, or one of my books. Other experts may have differing opinions.

Ask ten different IT or IS experts, you will get ten or more different definitions for a term, and as many different recommendations for cybersecurity posture. Cybersecurity is about decisions and risk management.


If you are a cybercrime victim, see the resources here, and contact me if you need professional assistance.

If your organization needs help with improving its cybersecurity and identity theft protection, feel free to contact me.

Additional reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at NOT YET (though not kept as up to date).

Originally posted 3/30/2023, updated 4/21/2023.