It wouldn’t be cybersecurity awareness month without a blog about the importance of password hygiene.
I probably don’t have to tell you why strong, unique passwords matter. But recent statistics are worth sharing. According to Verizon’s 2025 Data Breach Investigations Report, compromised credentials remain one of the leading causes of breaches, with attackers often succeeding because users reuse or choose weak passwords. Cloudflare reports that nearly half of all successful logins protected by the company involve compromised credentials.
The stakes are incredibly high.
And here’s another reason to revisit your password habits: the best practices shared by NIST in recent years have changed, meaning what was prescribed in the past may no longer solve the problems we see today in news headlines. For example, older advice like requiring frequent password changes has been phased out in favor of more effective strategies, such as length, uniqueness, and the use of multi-factor authentication (MFA).
So what constitutes best practice, and how can we make our bank accounts and private information resilient to exploitation? In the second of our blog series this month, we answer that question to help keep your passwords safe and secure.
Tip 1: Go long, not just complex
The old guidance was to make passwords overly complex with random symbols and numbers. Today, length is more important than complexity. A password like “GreenBananaAirplane29” is far stronger than a short jumble of characters, while still being memorable. NIST recommends creating a password at least 15 characters long.
Tip 2: Never reuse passwords
Reusing passwords across accounts is one of the riskiest habits you can have. If an attacker steals your password from one site in a data breach, they’ll try it everywhere else you log in. Use a unique password for every single account.
Tip 3: Use a password manager
Trying to remember dozens of strong, unique passwords is nearly impossible. A password manager stores them securely and generates new, random ones for you when needed. This makes good password hygiene realistic and sustainable.
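As an added example (not part of the original post), the sketch below audits a password manager export for the two habits covered in Tips 1 and 2: entries shorter than 15 characters and passwords reused across accounts. The CSV column names, the sample rows, and the function names are constructed assumptions, not any real product's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 15  # minimum length cited in Tip 1

# Constructed sample export; column names are an assumption for this example.
SAMPLE_EXPORT = """site,username,password
bank.example,alice,GreenBananaAirplane29
mail.example,alice,Tr0ub4dor&3
shop.example,alice,Tr0ub4dor&3
forum.example,alice,correct-horse-battery-staple
news.example,alice2,Correct-Horse-Battery-Staple
"""


def fingerprint(password: str) -> str:
    """Digest used only to group identical passwords in memory.

    This is not a password storage scheme; it just keeps plaintext
    out of the grouping keys and out of the report.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(export_text: str, min_length: int = MIN_LENGTH) -> dict:
    """Return sites with short passwords and groups of sites sharing one password."""
    too_short = []
    by_fingerprint = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        if len(password) < min_length:
            too_short.append(row["site"])
        by_fingerprint[fingerprint(password)].append(row["site"])
    # Any fingerprint seen on more than one site is an exact reuse.
    reused = sorted(sorted(sites) for sites in by_fingerprint.values() if len(sites) > 1)
    return {"too_short": sorted(too_short), "reused": reused}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    print("Shorter than", MIN_LENGTH, "characters:", report["too_short"])
    for group in report["reused"]:
        print("Same password used on:", ", ".join(group))
```

The check only catches exact reuse: the two passphrases that differ in capitalization are treated as distinct, although a small variation of a breached password offers little protection.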
Tip 4: Add an extra layer with MFA
Even the strongest password can be stolen through phishing or a data breach. Multi-factor authentication (MFA) adds an additional barrier, requiring you to confirm your identity through another method, like an app, text message, or hardware key. Whenever possible, enable MFA on your accounts.
Tip 5: Watch out for phishing attacks
If you read our blog from last week, you understand the impact of social engineering attacks, especially phishing.
Many attackers don’t bother guessing your password; instead, they run campaigns that trick you into handing it over. Be wary of emails or messages asking you to log in urgently, even if they appear to come from a trusted source. Always verify the sender and navigate to websites directly instead of clicking suspicious links.
Bringing it all together
Passwords remain a fundamental part of protecting our digital lives, but habits need to evolve as attackers adapt and best practices change. By focusing on length, uniqueness, password managers, MFA, and phishing awareness, you’ll make your accounts much harder to compromise.
This cybersecurity awareness month, take a few minutes to check your most important accounts and upgrade your passwords where needed. A small investment of time today could save you from a major headache tomorrow.
Stay tuned for more tips and awareness topics via our blog.