Tips for creating cyber-safe passwords

Green code on a dark screen
Date
June 26, 2026
Author
Isatis Group
Category
Tips
Read time
4 min read

Long, strong and unique is only the start. How password managers, encryption and letting go of forced resets make your accounts genuinely harder to crack.

We all know that using ‘good’ passwords for our online accounts is important. They should be long, strong, and unique. But we also have a lot of different online accounts these days, and it has become harder to remember all the passwords we need for them. So instead of making sure our passwords are unique, we often reuse the same ones over and over. Unfortunately, that makes our accounts vulnerable to attack.

People do get hacked, and entire passwords are regularly stolen in breaches. The good news: a few practical habits dramatically improve your protection. In this article we share the ones that matter most.

One key for every door

Using the same password for more than one account is like having one key to unlock every door you use. If that key is stolen once, every door is open. That is exactly what happens after a data breach: attackers take the leaked e-mail and password combinations and try them everywhere else, from your webshop account to your business e-mail.

The fix is simple to state and hard to do by hand: every account gets its own password. Which brings us to the next point.

Store passwords the right way

First things first: storing passwords in plain text, in a notes app, a spreadsheet or an e-mail draft, is not wise. There is no choice here. Always use encryption.

If you are worried about remembering dozens of unique passwords, use a password manager. It stores and manages your passwords in an encrypted vault, generates strong ones for you, and the password manager itself becomes the only account you need to remember login details for. One strong key, kept in a safe, instead of one weak key for every door.

Rethink convenience: autofill

Autofill is incredibly convenient: you do not need to type the same fields over and over. But from a security point of view, tricking a browser or password manager into giving up saved information is surprisingly simple. All a hacker needs to do is place an invisible form on a compromised web page, and the browser happily fills in your login details where you cannot see it happening.

Our advice: think about turning off the autofill feature in your browser settings, and let your password manager fill credentials only when you explicitly ask it to.

Stop changing passwords on a schedule

If you are still changing your passwords every few months, you are doing it wrong. Microsoft now recommends that unless you suspect a password has been exposed, you do not need to change it periodically.

The reason is human: forced to rotate passwords, most of us fall into bad habits, easy-to-remember variations, or sticky notes on the monitor. A long, unique password that never leaks beats a weak one that changes every quarter.

We all have a responsibility to keep our information secure. But remember: you can never be too safe when it comes to online security. Want to know how your organisation scores? Schedule a call, we are happy to take a look with you.

Share this article

Jack van Poll

Jack van Poll

Co-Founder, Isatis

Writes about nearshore engineering,
software partnerships and building teams that last.

Get in touch

Read next.

All articles