Skip to main content
IT KORR
IT KORRKeeping Organizations Reliable & Resilient
Password Security · Download

Password Security Awareness Guide

A plain-language guide for general staff — not administrators — on what changed in password guidance and what to actually do.

IT KORR Knowledge Center

Password Security Awareness Guide

A plain-language guide for general staff — not administrators — on what changed in password guidance and what to actually do.

What Changed and Why

You may notice you are no longer asked to change your password every few months, or to include a specific mix of symbols and numbers. This is intentional — current guidance found that those older rules pushed people toward predictable passwords that were actually easier to guess, not harder.

What You Should Do Instead

  • Use the company password manager for every account — you should not need to memorize passwords.
  • Let the password manager generate a new, random password for each new account.
  • Never reuse a password across two different accounts, even personal ones.
  • Turn on multi-factor authentication everywhere it is offered, not just where it is required.
  • If you ever suspect an account was compromised, change that password immediately and tell IT.

Common Questions

  • Why can't I use the same strong password everywhere? — One breach anywhere that password was used exposes every account using it.
  • Isn't a password manager itself a risk? — It is protected by one strong master password plus MFA, and is far safer than reusing passwords or writing them down.
  • What if I forget my master password? — Contact IT for the organization's approved recovery process — never share it with anyone else.

Related Resources

  • Password Manager Guide — /knowledge-center/cybersecurity/password-security/password-manager-guide

This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual systems before adoption — see the full Password Security Hub for the reasoning behind each recommendation, or use the Password Policy Generator for a fully configurable policy document.

Build: add8299 | Built: Jul 9, 2026 9:26 PM EDT