Strong Passwords

Every company and medical practice should have a password policy, and it should be included in the Employee Handbook. Passwords should not be kept on sticky notes (yes, it happens) or in lists kept in notebooks. Cyber attacks are serious; they can spread throughout a company and expose sensitive information to hackers. And for most companies, the weakest security link is their people, especially if your people are creating their own passwords and even using one password for multiple logins.

Most passwords are eight characters long (usually the minimum required when creating a password). And believe it or not, the most common ones are still ‘password’ and ‘12345678’. People-generated passwords tend to follow this pattern:

 Xxxx####, where X is a capital letter, x are lower case letters and # are numbers (e.g. Mark1234). 

The more complex the password, the more difficult it is for cyber-attacks to succeed. For a simple fix, change up the pattern, trying something like xX####xx (e.g. mA1234rk). For a better fix, use a password generator and manager. More on this later.

When using password reset questions, don’t give them the “real” answer. Too often your answers can be found by checking your social media sites. Keep the made-up answers in a password-protected document. So, instead of using your mother’s maiden name, try your grandmother’s. Instead of your favourite dog’s name, try the neighbour’s dog’s name or your first goldfish (although “Goldie” might be quite easy to guess!).

There are several types of password attacks. The most common is social engineering, where you’re tricked into revealing a sensitive password. Remember, most attacks are around financial information, credit card numbers and PINs, or online accounts. Another form is through malware used by hackers. If you store your passwords in your browser, TrickBot can be used to find them.

The most effective way to create a strong password is to use one that requires multi-factor authentication (at least two factors), as it’s phishing resistant. The second way is to use a password manager (check out options at, including 5 Best Password Managers (2022): Features, Pricing, and Tips | WIRED) and allow it to create fully random 12-character passwords. These are virtually unhackable. If you make up passwords yourself, to get the same strength, you’d have to use a 20-character password.
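As an added illustration (not part of the original article), the sketch below flags the two common passwords and the Xxxx#### pattern described above, estimates the search space for an attacker who guesses that pattern, and generates a fully random 12-character password. The function names and the 94-character printable ASCII alphabet are assumptions made for this example.

```python
import math
import re
import secrets
import string

COMMON = {"password", "12345678"}  # the two most common passwords named above
SIZES = {"X": 26, "x": 26, "#": 10, "$": len(string.punctuation)}

def mask(password):
    """Reduce a password to its pattern, e.g. 'Mark1234' -> 'Xxxx####'."""
    out = []
    for ch in password:
        if ch in string.ascii_uppercase:
            out.append("X")
        elif ch in string.ascii_lowercase:
            out.append("x")
        elif ch in string.digits:
            out.append("#")
        else:
            out.append("$")  # anything else is counted as a symbol
    return "".join(out)

def mask_bits(m):
    """Bits of search space left once an attacker has guessed the mask."""
    return sum(math.log2(SIZES[c]) for c in m)

def is_predictable(password):
    """True for the common passwords and the capital+lowercase+digits pattern."""
    if password.lower() in COMMON:
        return True
    return re.fullmatch(r"Xx+#+", mask(password)) is not None

def generate(length=12):
    """Fully random password drawn from a cryptographically secure source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_bits(length=12):
    """Bits of search space for a random password over 94 printable characters."""
    return length * math.log2(94)

if __name__ == "__main__":
    for pw in ("Mark1234", "mA1234rk", "password"):
        print(pw, mask(pw), is_predictable(pw), round(mask_bits(mask(pw)), 1))
    print("random 12 chars:", generate(), round(random_bits(12), 1), "bits")
```

Rearranging the pattern (mA1234rk) avoids the most commonly guessed mask but leaves the same number of combinations once the new mask is known, which is why the random generator is the better fix.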

And if you think your passwords aren’t out there on the internet: if you’ve been on the internet for more than ten years, undoubtedly at least some of your passwords are compromised. When websites are compromised, the hackers invariably pull passwords, especially in the hope that you only use a couple of passwords. To find out if you’ve been compromised, go to or  Other useful sites are

Remember, people are the weak link in cybersecurity.


2Ascribe Inc. is a medical transcription services agency located in Toronto, Ontario Canada, providing medical transcription services to physicians, clinics and other healthcare providers across Canada. Our medical transcriptionists take pride in the quality of your transcribed documents. WEBshuttle is our client interface portal for document management. 2Ascribe continues to implement and develop technology to assist and improve the transcription process for physicians and other healthcare providers, including AUTOfax. AUTOfax works within WEBshuttle to automatically send faxes to referring physicians when a document is e-signed by the healthcare professional. As a service to our clients and the healthcare industry, 2Ascribe offers articles of interest to physicians and other healthcare professionals, medical transcriptionists and office staff, as well as of general interest. Additional articles may be found at  For more information on Canadian transcription services, medical transcription work or dictation options, please contact us at

