2LRN4 security awareness platform
← Back to overview

Passwords — going deeper

Length, uniqueness and multi-factor. How to use passwords so they truly protect, not just tick a box.

Length, uniqueness and multi-factor. This e-learning builds on the basics and shows how to use passwords so they truly protect, not just tick a box.

A colleague proudly mentions a new password. "Secret123!" — cheerful and easy to remember. Another still uses the same password at work and at home, "because I have a good memory". A third keeps every password in an Excel file. Three different solutions, three versions of the same problem: in 2026 a memorised password is almost never a safe password.

The Passwords — going deeper course builds on the basic lesson and explains why modern attacks demand a new approach. Attackers use complete lists of previously leaked passwords, automate millions of attempts per minute, and recognise patterns in "creative" passwords faster than a human. The era when one capital and one exclamation mark sufficed is over.

Employees learn three principles that do work. Length over complexity: a passphrase of four or more words is stronger than "Ab1!cd". Unique per service: reuse means a single leak places every other account at risk. Multi-factor: a second factor renders even a guessed password useless to an attacker.

The course also covers practical solutions that make these principles workable. A password manager that generates and stores unique passwords per service. Authenticator apps instead of SMS for multi-factor. Passkeys that no longer use passwords at all. For each solution the course shows how to make it usable without daily friction.

Finally it becomes clear what to do when something feels off. An unfamiliar login alert, a reset request you did not start yourself, a service announcing a leak — all moments to change passwords, check multi-factor and, when in serious doubt, involve IT.

The core message is clear: a good password today combines length, uniqueness and a second factor.

What does the participant learn concretely?

After completing this course:

  • the participant understands why traditional password rules no longer suffice
  • they apply the three principles length, uniqueness and multi-factor
  • the participant knows password managers and authenticator apps

Who is this course for?

This course is suitable for:

  • employees who completed the basics on passwords
  • any employee with access to business systems
  • organisations renewing their password policy

Why this course is relevant now

Automated attacks on passwords are cheaper than ever, and leaked passwords circulate worldwide. A strong modern approach protects not only accounts but also the people behind them.