When it comes to generating a strong password, a concerning number of people are uninformed or don’t act on the guidance that’s out there. Cyber security is vital for businesses, and it’s important for personal accounts too. In this post, we’re looking at the top five least-secure passwords and three easy tips on creating a strong password that you can implement to improve your cyber security.
What is a Secure Password?
Speaking at an RSA security conference in 2004, Bill Gates predicted the end of the password as we know it. He said:
“There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems; they write them down, and they just don’t meet the challenge for anything you really want to secure.”
Even now, almost twenty years later, his second statement still rings very true. The average person uses far more passwords than they could have even imagined in 2004, and yet the majority of people remain unaware of how to generate a strong password.
The Worst Passwords
In 2021, NordPass published the most common passwords of the year, and the outcome was a little bleak. In the UK, the passwords used most frequently over the last year were:
All of these would take a hacker less than one second to crack. Collate that data with the fact that 52% of people use the same password for multiple accounts (and 13% use the same password for all of their accounts), and the issue becomes clear. But what is the best way to create a password?
Creating a Strong Password
- Choose secure passwords
A lot of the basic security guidance for creating a strong password may already be familiar to you – general advice typically includes not using any personal information (like your name, age, date of birth or kid’s name) and adding numbers or symbols.
Creating a strong password of completely random characters with long strings of mixed-case letters, numbers and symbols is much harder for hackers to get past, but it will also be much more difficult for you to remember.
In fact, the National Cyber Security Centre recommends something easier – the three-word method. What this means is to put together three completely random words, like WindowBottleBread. Total nonsense, but this method makes your passwords longer and more random, as well as much easier to remember.
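As an added example (not part of the original post), here is one way to apply the three-word method in Python so that the words really are random rather than ones you thought of yourself. The word list, the function names and the excluded term are constructed for illustration; the entropy figures show why the size of the word list matters.

```python
import math
import secrets

# Constructed sample list, far too small for real use: a real generator
# should draw from a list of several thousand words.
SAMPLE_WORDS = [
    "window", "bottle", "bread", "garden", "pencil", "rocket", "silver",
    "turtle", "candle", "meadow", "anchor", "violin", "pepper", "harbour",
    "blanket", "lantern",
]


def build_pool(words, exclude=()):
    """Deduplicate the list and drop personal terms (names, pets, places)."""
    banned = {term.lower() for term in exclude}
    pool = sorted({w.lower() for w in words} - banned)
    if len(pool) < 2:
        raise ValueError("word pool needs at least two distinct words")
    return pool


def three_random_words(pool, count=3):
    """Join `count` words picked by the OS CSPRNG, e.g. WindowBottleBread."""
    # secrets.choice is designed for secrets; random.choice is predictable.
    return "".join(secrets.choice(pool).capitalize() for _ in range(count))


def entropy_bits(pool_size, count=3):
    """Bits of entropy when each word is picked uniformly and independently."""
    return count * math.log2(pool_size)


if __name__ == "__main__":
    # "rocket" stands in for a word with personal meaning to the user.
    pool = build_pool(SAMPLE_WORDS, exclude=["rocket"])
    print("passphrase:", three_random_words(pool))
    print(f"{len(pool)}-word pool: {entropy_bits(len(pool)):.1f} bits")
    # 7776 is the size of a typical diceware-style list (assumed here).
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

The strength comes from the random selection and the size of the list, not from the words looking unusual; three words picked by hand from memory are far more predictable than the figures above suggest.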
- Password managers
Whether at home or work, we believe everyone should have a password manager. Considering that the average person might have hundreds of online accounts, it’s not feasible to expect them to remember a different, complex password for each one. Even the three-word method is only good for one or two passwords before you get muddled in random words.
Password managers are painfully underutilised, but they are key to having successful password security. Have a look online; you can often find basic packages for free. We recommend 1Password, which you can use individually, with your family or in your business.
You can create a strong password, log it into your password manager, and that’s it sorted!
- Don’t expire your passwords
Technology has changed rapidly since the invention of the World Wide Web in 1989, and while password security hasn’t been quite as quick, it’s still very much moving on. People used to believe – and plenty still do – that the most secure password was never stagnant. As a result, many businesses enforced a password expiration programme, meaning that every 30, 60 or 90 days, every worker was forced to change their passwords to something new.
This has since proven ineffective, as it doesn’t encourage people to create a strong password. Password expiration means people are more likely to choose easy-to-remember passwords and change them only minimally. For example, their passwords over three expiration periods may be password. It technically meets the criteria, but it’s definitely not secure.
Okay, you’ve picked a perfectly secure password and stored it in your password manager. Of course, you could leave it at that, but with hackers becoming increasingly sophisticated, one thing to consider is two-factor authentication. This means that even if your password were compromised, a hacker still wouldn’t be able to access your accounts. You can even use two-factor authentication without a smartphone, ideal for business use.
You can learn more about why two-factor authentication is important over on our blog.
So now you know what the best way to create a password is and how to generate a strong password. However, you should remain cautious of alternative tactics like phishing; opening your account to the wrong person, even accidentally, can make your very secure password redundant. Learn how to spot a phishing email on our blog, or contact us today to arrange an independent security review of your business.