Creating an excellent password is a hot topic of conversation, especially each year on the first Thursday in May, which is “World Password Day.” We’re glad that there’s a day set aside for talking about passwords, but even if it isn’t Password Day when you read this, you can still take some time to think about your passwords. So how do you create an excellent password? What are some tips?

Microsoft released their updated password guidance way back in 2016, which seems like a lifetime ago. At Community IT Innovators we have rooted our password recommendations in their research, and adapted it to take advantage of new tools and systems that have emerged.  In general, you need to have a small number of remember-able passwords; one to login to your computer and another password to login to your password manager application

Think of this as having a password to the gate to get into your yard, and another to the gate to get into your garden, which is surrounded by a fence. All your other passwords are growing in the garden, protected by these two outer gates. Once you are within your garden fence, you have complete access to all your other passwords, so you don’t need to memorize them, you can always look them up from within the safety of the fence, away from prying eyes. However, you would want your two important passwords, to the yard and to the garden, to be very difficult to guess and kept very private, because anyone with those passwords can access all the other passwords in your garden.

How to Create an Excellent Password: 

Tips for creating an excellent password: 

How often should I change my password?

Now that you have chosen an excellent password that is long, strong, and easy to remember, how long before you will be forced to choose a new one?

The good news is, passwords don’t need to be changed regularly just for the sake of rotation. If you have a strong and unique password that you have never used elsewhere and that is protected with MFA, then there may never be a need to reset that password. 

You should regularly check up on your accounts, however, especially free older email accounts such as Yahoo which have been compromised many times over the years. Using free services like or managed services like ID Agent that scour the dark web for compromised accounts can help inform you if you need to create new credentials for a service that has been compromised. 

And it can be a good idea to change a password when you learn of a security breach that may impact an email account of yours, such as the data breaches at Target or Sony. Of course, if you are following good password hygiene and not ever reusing passwords your risk is far lower when such a breach occurs!

What about administrator accounts?

Privileged accounts (typically domain, global or super admins) should be optimized for security since no human needs to memorize these passwords. The account names should also avoid using common Admin names (such as support, exchange, admin, etc) to reduce vulnerability to brute force attacks.  So how to create an excellent password for an admin account?

 Administrator level passwords with privileged access: 

Solutions such as Secret Server Online from Thycotic, Last Pass or Dashlane are indispensable. The staggering amount of data breaches means that there are enormous databases of valid credentials available to the bad guys. You can get notified if an account you use has appeared in a breach at the site This site will let you know what breaches a specific email address has been exposed in.  

Next Steps:

Any change to your nonprofit cybersecurity environment depends on several factors for success. 

Ready to reduce your nonprofit cybersecurity risk?

Choosing a strong and unique password, combined with MFA, is the best way that you can protect your digital identity, both in the personal and professional sphere. Requiring strong passwords and using password managers and SSO at your nonprofit is a quick and easy step you can take to secure your reputation and deflect hackers.

At Community IT Innovators, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to. As a result, cyber damages are all too common. 

Our process is different. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. We published our Nonprofit Cybersecurity: a Guide for 2020 to help our community understand the issues. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.

Learning how to create an excellent password is a first step, one that all your nonprofit staff should take. Password security is a vital part of any robust cybersecurity stance – and working with Community IT can reduce the likelihood that you’ll experience an effective attack in the first place. If you’re ready to gain peace of mind about your cybersecurity, let’s talk.