MDaemon Technologies Blog

Protect Accounts from Hackers: 9 Tips for Stronger Passwords

By Brad Wyro

Passwords have been the primary mechanism for online security for years, but many people continue to use poor habits when creating passwords, and this trend appears to be getting worse as the average online user has to keep track of up to 100 accounts.

The statistics provide a glimpse of the dire nature of these bad practices.

  • Three out of four people are at greater risk of being hacked due to poor password practices.
  • The average cost of a data breach in 2023 was $45 million.
  • 85% of people use the same password across multiple accounts.

And while many platforms now support biometrics to enhance online security, the adoption of these passwordless authentication methods is not keeping up with current password use.

Understanding Password Strength

Understanding password strength is crucial for maintaining security in your online accounts. Follow these nine tips for stronger passwords.

  1. Length: Longer passwords are generally more secure. A good rule of thumb is to aim for a minimum of 12 characters, but longer is even better.

  2. Complexity: A strong password includes a mix of different character types, such as uppercase letters, lowercase letters, numbers, and special characters (!, @, #, etc.). This complexity makes it harder for attackers to guess or crack the password using automated tools.

  3. Unpredictability: Avoid using easily guessable information such as common words, phrases, or patterns related to your personal life (like your name, birthdate, or pet's name). Instead, opt for random combinations of characters or use a passphrase—a series of random words strung together.

  4. Use unique passwords for each account: Each online account should have its own unique password. Reusing passwords across multiple accounts increases the risk—if one account is compromised, all others using the same password become vulnerable.

  5. Avoid common patterns: Steer clear of common password patterns like "123456", "password", or keyboard patterns like "qwerty". These are often the first combinations tried by attackers.

    Tip for Administrators:

    MDaemon has a “Bad Passwords” file that can be used to prevent users from using passwords containing common words such as “password” or “letmein”.

    In MDaemon Remote Administration, these settings are located under Setup | Account Settings | Passwords.

    Prohibited passwords list in MDaemon Email Server

  6. Use App Passwords: Using app passwords, MDaemon users can have a different, strong password for each of their email clients. In other words, a user can have a separate password for webmail, an IMAP client, an ActiveSync client, and any other connection from a mail client or mobile device. This bolsters account security by making it much hard for an account to be compromised via a single password.


  7. Update passwords regularly: Change passwords periodically, especially for sensitive accounts. This reduces the risk in case a password is compromised without your knowledge.

    Tip for Administrators:

    MDaemon administrators can ensure users are changing their email passwords regularly by entering a password expiration timeframe via the Account Settings | Passwords menu.

    Password expiration settings in MDaemon Email Server - MDaemon Remote Administration

  8. Avoid passwords that have been found in a data breach: Hackers have access to large databases of passwords that have been stolen in data breaches, leaving any account that  uses one of these compromised passwords vulnerable.  You can use tools such as HaveIBeenPwned to see if your password has been found in a data breach.

    Tip for Administrators:

    Both MDaemon and SecurityGateway can be configured to check for compromised passwords.

    In MDaemon Remote Administration, these settings are located at Setup | Account Settings | Passwords.

    Compromised password check in MDaemon Email Server

    In SecurityGateway, these settings are located at Setup/Users | Accounts | User Options.

    Compromised password check in SecurityGateway for Email

  9. Two-Factor Authentication (2FA): Whenever possible, enable two-factor authentication for an extra layer of security. Even if someone gets hold of your password, they would still need a second form of verification to access your account.

    - Knowledge Base Article: How to Configure Two-factor authentication in MDaemon

Understanding these principles helps users create and maintain strong passwords, which in turn enhances the security of their online accounts and personal information.

Tags: Cybersecurity, Email Security Best Practices, Email Best Practices, Passwords

Brad Wyro

Written by Brad Wyro

Brad has worked in technical and marketing roles at MDaemon Technologies, where he contributes as Content Marketing Manager. Brad balances technical and creative information to develop easy to understand videos and content to educate prospects and customers.


Subscribe to Email Updates