
What makes a good password?

15th November, 2019


For all of us, the subject of passwords is a real pain. We have multiple accounts to access: email, various business apps, banking, and that’s apart from personal stuff like online shopping, film streaming services, and so on.

So, how do you pick a password that’s difficult to crack?

There are some basic rules in choosing a secure password:

Make it memorable for you

As you need passwords on a fairly regular basis, if you can’t remember them they aren’t much use. And you know what that means… requesting a password reset and then being put under pressure to quickly create a new password that meets all the necessary criteria. This in turn starts a vicious circle – every time you want to log on to a website you have to go through this again. Infuriating and time-consuming.

Make it difficult to guess

  • Use a mixture of upper/lower case characters, include numbers and special characters
  • Use a minimum of 10-12 characters
  • Don’t use derivatives of a single word such as ‘Password1’ or ‘Pa55word’; they aren’t secure and are easily guessed
  • Don’t use something personal such as your children’s or pet’s names, dates or place of birth – these can be easily gathered from other sources such as social media

Don’t write it down

No matter how clever you think you’re being when you write your passwords down, you’re not. Jotting them down on post-it notes in your desk drawer just doesn’t cut it. 

What is good practice?

Ideally, you should take a phrase or set of random words, select small sections of each word and put them together with punctuation marks. Add in some special characters and numbers and you’ve got a good recipe.

Here’s an example, but please don’t use this – it’s publicly available on our blog!

Phrase – ‘I wouldn’t jump out of a plane. Would you?’

If we take the first character of each word, keeping the punctuation and keeping capitals where they appear, this gives you ‘Iwjooap.Wy?’. That’s nigh on impossible for anyone to guess and pretty difficult for any brute force software to work out. Now throw in a few numbers – ‘83Iwjooap.Wy46’. We’d be pretty happy with that one.

If that all seems a bit complicated, you could consider selecting three random words such as ‘Fridge Cricket Backpack’. Put these together in any order, separate with a few punctuation marks and add a few numbers and you get something along the lines of ‘44Fridge,Cricket,Backpack?!’. Again, hard to crack.
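The two recipes above, as an added Python example that is not part of the original post: `initials()` applies the first-character rule to the phrase, and `three_words()` picks the words with a cryptographic random source instead of by hand. The function names and the 12-word `SAMPLE_WORDS` list are assumptions made up for this illustration.

```python
import math
import secrets
import string

# Constructed sample list; a real list needs thousands of words to be useful.
SAMPLE_WORDS = ["fridge", "cricket", "backpack", "lantern", "harbour", "walnut",
                "pebble", "violin", "meadow", "tractor", "biscuit", "compass"]
TRAILING = ".,?!;:"


def initials(phrase):
    """First character of each word, keeping capitals and end-of-word punctuation."""
    out = []
    for word in phrase.split():
        tail = word[1:]
        # "plane." -> "p" plus the "." left over after stripping trailing punctuation
        out.append(word[0] + tail[len(tail.rstrip(TRAILING)):])
    return "".join(out)


def random_digits(n):
    return "".join(secrets.choice(string.digits) for _ in range(n))


def three_words(words=SAMPLE_WORDS, count=3, sep=","):
    """Words picked by a CSPRNG rather than by hand, with digits and an ending mark."""
    picked = [secrets.choice(words).capitalize() for _ in range(count)]
    return random_digits(2) + sep.join(picked) + secrets.choice("?!")


def guess_space_bits(wordlist_size, count=3, digits=2, endings=2):
    """log2 of the number of equally likely outputs of three_words()."""
    return (count * math.log2(wordlist_size)
            + digits * math.log2(10) + math.log2(endings))


if __name__ == "__main__":
    print(initials("I wouldn't jump out of a plane. Would you?"))
    print(three_words())
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5} words: about {guess_space_bits(size):.1f} bits")
```

The bit counts show how much the size of the word list matters: the 12-word sample gives about 18 bits, while a 7776-word list gives about 46.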

You can learn more about this, if you’re interested, on the Government’s National Cyber Security Centre website – https://www.ncsc.gov.uk/ – #thinkrandom.

You could also let your browser/device choose a password and store it for you. These tend to be both random and strong. But beware, if anybody else can access your device, they’ll also have access to all of your accounts. And please remember to choose different passwords for work and personal accounts.

How many passwords should you use?

There’s conflicting advice on whether you should have a different password for each account or one very strong one that’s used across them all.

Having one very strong password has the advantage of easy management, but the downside is that, should one website or service be compromised, all your accounts are potentially exposed.

A unique password for each account gives you the assurance that should one be compromised, the rest should be safe. But, of course, you need to manage these and with the number of systems we have access to in both our work and personal life increasing, this can be difficult to do securely.

We have a post coming up addressing password management techniques and software. But in the meantime, if you adopt our suggested approach to password creation, that should help you.

If you would like help with password management, or a security audit for your business, please contact us on 01784 437 123.
