
How to Create Effective User Password Education


While the recommendations in the first three blogs in this series (password composition, password practices, password policies) are critical, employers also have to create a “culture” of security in which there are ongoing discussions about maintaining cybersecurity. Employee education is essential. A company’s compliance requirements may also be a factor if they stipulate password complexity and education for the workforce. I’ll also cover password managers at the end.

Some Guidelines

Businesses should:

1. Mandate user training in password complexity: never use passwords that are easy to remember, change passwords often, never reuse or recycle passwords, never use real personal data in passwords or recovery questions, never use dictionary words or patterns.

2. Train employees how to maintain password and account privacy.

3. Recommend that employees never share passwords, never text or email passwords, use a separate password for each account, and not reuse business account passwords for personal accounts.

4. Where multi-factor authentication is optional, recommend that employees use it wherever possible.

5. Recommend that employees not write passwords down or enter them into Excel or Word files. Case in point: users who write passwords on sticky notes left on their monitors or desks.

6. Recommend that users not use browser password saving and encryption features. These are notoriously weak.

7. Discuss password provisioning with new employees.

8. Discuss password lifetimes, lockouts and audits with all employees.

9. If allowable under the company’s acceptable use policy, encourage the use of a password manager.

Conclusion: A Brief Word About Password Managers

As mentioned in the beginning, I want to say something about password managers. These include software “vaults” like 1Password, LastPass or Bitwarden that can create randomized, complex passwords and store them securely.

If SMBs and organizations require one, then they will be on the right track, and users will not have to remember their lists of passwords, only their master password.

This brings us to the biggest vulnerability of password managers: the loss or compromise of the master password.

But if users keep that secure, they will be well on their way to having a secure set of passwords.


Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.


Peter Bondaryk