What to use and how to avoid common mistakes
This month’s World Password Day has highlighted just how important strong password protection is in cyber security – and how many of us still don’t take it seriously.
Shockingly, research from Keeper Security (based on 10 million hacked accounts) found that 17% of accounts still use 123456 as a password.
Things to avoid:
- Don't use passwords based on personal information such as: name, birth date, children’s/pets’ names, your car registration number, address etc. This includes using just part of your name, or part of your birth date
- Never use a password based on your username, account name, computer name or email address
- Don't just add a single digit or symbol before or after a word. e.g. "apple1"
- Don't double up a single word, e.g. "appleapple"
- Don't simply reverse a word e.g. "elppa"
What to do:
Use at least eight characters
Use a random mixture of both upper and lower case characters, numbers, punctuation, spaces and symbols
Don't use a word found in a dictionary, English or foreign
Don’t use the same password twice
Choose a password that you can remember so that you don't need to keep looking it up and one that you can type quickly. This reduces the chance of somebody discovering your password by looking over your shoulder
Change your password regularly, e.g. once a month, but not so regularly that you have trouble keeping track or are tempted to simplify it
Change your password whenever you suspect that somebody knows it, that they may guess it, or if you are worried about someone stood behind you while you typed it in
Choosing a safe password:
- Use good password generator software to help you
- Use the first letter of each word from a line of a song or poem
- Alternate between one consonant and one or two vowels to produce nonsense words. e.g. "taupouti"
- Choose two short words and concatenate them together with a punctuation or symbol character between the words. e.g. "seat%tree"
Protecting your password:
- Never store your password on your computer except in an encrypted form.
- Whenever windows on your computer prompts you to "Save password" - don't
- Never send your password via email or any other unsecured channel
- If you must write your password down, don't leave the paper lying around, keep it away from your computer and under lock and key
- Never tell anyone your password.
Ways in which potential hackers will try and get hold of your password:
- Steal it. Looking your shoulder when you type it, or finding the paper where you wrote it down
- Guess it. Many people use a password based on information that can easily be guessed
- A brute force attack. This is where every possible combination of letters, numbers and symbols are used in an attempt to guess the password. With modern fast processors and software tools, thousands of combinations can be tested in seconds
- A dictionary attack. Combinations are first chosen from words available in a dictionary. Software tools are readily available that can try every word in a dictionary or word list until your password is found.
For more tips and advice on choosing secure passwords visit