The Directorate of Criminal Investigations (DCI) has shared guidelines on password management as part of its cybersecurity awareness programme.
In a statement on October 2, DCI stated that password management is a key pillar of cybersecurity, underpinning the security of both individuals and organizations in the digital age.
Despite persistent advances in security technologies, passwords remain one of the most common and vulnerable methods of authentication. This is primarily due to issues such as poor user habits, evolving attack methods, and organizational oversights.
Best Password Creation Practices
- Create passwords of up to 64 characters and use spaces. Longer passwords, especially passphrases, are significantly more resistant to brute-force attacks.
- Eliminate Arbitrary Composition Rules: Requiring uppercase and lowercase letters, numbers, and symbols can result in predictable patterns and user frustration. Instead, focus on length and unpredictability.
- Screen Against Known Breaches and Blacklists: Systems should automatically prevent users from choosing passwords found in breach dumps or on lists of commonly used passwords.
- No Mandatory Frequent Rotation: Forced, periodic password changes are discouraged unless there is evidence of a compromise. This change is based on research showing that users tend to make minimal changes, which can undermine security.
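A password-acceptance check that applies exactly these four points (length up to 64 with spaces allowed, no composition rules, screening against a denylist, nothing about rotation) is shown below. It is an added illustration, not code published by the DCI; the sample denylist, the 8-character minimum and the character-substitution map are assumptions.

```python
import string
import unicodedata

# Constructed sample denylist. Assumption: a real deployment loads a large
# breach corpus or common-password list (often as hashes) instead of this set.
DENYLIST = {
    "password", "password1", "123456", "qwerty", "letmein",
    "welcome", "iloveyou", "admin", "football", "monkey",
}

MIN_LENGTH = 8   # assumption: the article states no minimum; 8 is a common floor
MAX_LENGTH = 64  # the article's upper bound; spaces are ordinary characters

# Substitutions that cracking tools already try, folded away before the lookup
# so that "P@ssw0rd" is screened as "password". Assumption: mapping chosen here.
_FOLD = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s",
                       "3": "e", "4": "a", "5": "s", "7": "t"})
DENY_MSG = "found on the breach or common-password list"

def screening_forms(password: str) -> set[str]:
    """Forms compared against the denylist (never used for storage)."""
    lowered = unicodedata.normalize("NFKC", password).strip().lower()
    # "welcome2024!" is a trivial variant of "welcome", so check the stem too
    stem = lowered.rstrip(string.digits + string.punctuation)
    return {lowered, lowered.translate(_FOLD), stem.translate(_FOLD)}

def check_password(password: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted.
    No composition rule is applied: length plus screening is the whole policy."""
    reasons = []
    length = len(unicodedata.normalize("NFKC", password))
    if length < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if length > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if screening_forms(password) & DENYLIST:
        reasons.append(DENY_MSG)
    return reasons

if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "P@ssw0rd1!", "Welcome2024"):
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

Note that "P@ssw0rd1!" satisfies every classic composition rule yet is rejected, while a plain four-word passphrase with spaces is accepted.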
Derek A. Smith, founder of National Cyber Security Education, also listed some of the best practices for password management.
In a 2022 article, Smith listed practices people should keep in mind when it comes to creating, storing, and changing passwords.
Apply Password Encryption
Smith said encryption provides additional protection for passwords, even if they are stolen by cybercriminals.
The best practice is to consider end-to-end encryption that is non-reversible. In this way, you can protect passwords in transit over the network.
Implement Two-Factor Authentication
He explained that two-factor authentication makes it hard for attackers to guess or crack the password and gain access.
Test Your Password
Smith recommends testing passwords with an online testing tool.
He stated that Microsoft’s password strength testing tool can help generate passwords that are less likely to be hacked.
Don’t Use Dictionary Words
He also discourages the use of dictionary words while creating passwords.
Smith said hackers have programs that search through dictionary words across lots of languages.
Use Different Passwords for Every Account
He advises against using the same password for all platforms.
This is to prevent all accounts from being breached when one is hacked.
Change Passwords When an Employee Leaves Your Business
Smith advises employers to change passwords whenever an employee leaves the company.
This is to prevent former employees from hacking the company systems.
Sadly, it is not uncommon for former, disgruntled employees to become your business’s worst enemy. Make it a common practice to change passwords when an employee leaves, so that former employees cannot access your business accounts and cause harm.
Avoid Storing Passwords
He also warns against storing passwords either digitally or on paper, as this information can be stolen by those with malicious motives.
