Passwords: a necessary evil in a digital world. The internet is full of advice and guidance, but so much of it that it can become very confusing.

This guide will share with you best practices and common mistakes to avoid.

It will give you enough detail to understand why password management matters, and the knowledge you need to choose and protect your own passwords.

A password is a secret word, phrase or string of characters used to prove a person's right to access something.

As the world has moved online, the requirements placed on passwords have exploded: capital letters, numbers, special characters, no re-use of a previous password, differing lengths, forced periodic changes ... the list goes on.

You already use passwords. They protect everything and anything: email, homes, social media, phones, money, online gaming; the list is endless. Sometimes a single password is the only thing protecting your valuable data. The trouble is that we have so many accounts and passwords that it becomes difficult to remember them all.

Ultimately, the choice is yours as to which passwords you use and where you use them. Passwords are free, easy and effective at stopping someone accessing your personal or business information, IF THEY ARE IMPLEMENTED CORRECTLY.

We hope this guide helps you make choices that protect your most valuable personal information, and your business information when you are at work.

Common Mistakes / Trends

Lists of the most common passwords are published every year, and despite this the entries change little year on year. The top 10 listed for 2022 were:

  • 123456
  • 123456789
  • qwerty
  • password
  • 12345
  • qwerty123
  • 1q2w3e
  • 12345678
  • 111111
  • 1234567890

Password re-use: Remembering many passwords is hard, which leads many people to use the same password on several, if not all, of their accounts; reports estimate this at around 68% of us. While this makes passwords easy to remember, it also makes life easier for the cybercriminal: once they have your password for one account, they can try it on all of your accounts.

Using personal information: Many passwords include pet names, children's names, birthdays and dates of birth. It is not difficult to guess this information, or to find it on the internet.

Default passwords: Not changing the manufacturer's default password on a device. There are websites that list these defaults, and often the default is trivially guessable in any case (admin, password, etc.).

Letter replacements: Swapping letters for similar-looking numbers or special characters (P@ssw0rd) is still very common. Attackers know this is common practice, and password-cracking tools try these substitutions automatically.

Passwords from patterns: They can look complex at first glance, but if they follow the top row of a keyboard or a sequence of any kind they are easy to predict and break.

Password breaches

There are many ways for cybercriminals to get hold of the passwords you took the time to dream up. Here are a few commonly used techniques to look out for:

Dictionary attacks: a form of guessing attack where the attacker uses a program to try every word in a wordlist, plus common variations of those words, against the password. A password that is not built from dictionary words and predictable substitutions is far more resistant to this kind of attack.

Phishing attacks use social engineering to scam you into supplying your login credentials, as well as other personal information. They do this through email and cloned or fake websites.

Password spraying is a method where the cybercriminal takes a short list of frequently chosen passwords (such as the top 10 above) and tries each one against a large number of usernames, looking for a match. Trying only a few passwords per account keeps the attack below the lockout limits that would stop a brute force attempt on a single account.

Credential stuffing attacks: the cybercriminal takes credentials that leaked in a previous data breach and tries them against your other accounts, relying on you having re-used the same password.

Website attacks: the cybercriminal targets a website with weak security with the aim of stealing its users' credentials for use in other attacks.
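Password spraying leaves a recognisable trace on the receiving end: one source address producing failed logins for many different accounts, rather than many failures for one account. The script below is an added example, not part of the original guide, showing that detection over a few constructed authentication log lines. The log format (timestamp, source IP, result, username, space separated) and the thresholds are assumptions for the example, not any product's real format or recommended values.

```python
"""Added example (not part of the original guide): spotting password
spraying in authentication logs.

Spraying tries ONE common password against MANY usernames, so the tell-tale
sign is a single source address producing failed logins for an unusually
large number of distinct accounts inside a short window. A user mistyping
their own password fails repeatedly for ONE account and is not flagged.

The log lines below are constructed for this example; the format (space
separated: time, source IP, result, username) is an assumption, not any
particular product's log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 10.0.0.9 cycles through many accounts (spray),
# 10.0.0.5 is one user getting their own password wrong a few times.
SAMPLE_LOG = """\
2023-05-01T09:00:01 10.0.0.9 FAIL alice
2023-05-01T09:00:02 10.0.0.9 FAIL bob
2023-05-01T09:00:03 10.0.0.9 FAIL carol
2023-05-01T09:00:04 10.0.0.9 FAIL dave
2023-05-01T09:00:05 10.0.0.9 FAIL erin
2023-05-01T09:00:06 10.0.0.9 SUCCESS frank
2023-05-01T09:00:10 10.0.0.5 FAIL grace
2023-05-01T09:00:20 10.0.0.5 FAIL grace
2023-05-01T09:00:30 10.0.0.5 FAIL grace
2023-05-01T09:00:40 10.0.0.5 SUCCESS grace
"""


def parse_log(text):
    """Yield (timestamp, source_ip, result, username) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, result, user = line.split()
        yield datetime.fromisoformat(ts), ip, result, user


def detect_spraying(text, window=timedelta(minutes=5), min_users=5):
    """Return {source_ip: sorted usernames} for every source whose failed
    logins hit at least `min_users` distinct accounts within `window`.

    The thresholds are illustrative; tune them to the real environment."""
    failures = defaultdict(list)          # ip -> [(timestamp, user), ...]
    for ts, ip, result, user in parse_log(text):
        if result == "FAIL":
            failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        # Slide a time window over this source's failures and count how
        # many distinct accounts it touched inside the window.
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def sprayed_accounts_that_succeeded(text, flagged):
    """Accounts that logged in successfully from a flagged source: the ones
    whose weak password the spray found, and that need resetting first."""
    return sorted(user for _, ip, result, user in parse_log(text)
                  if ip in flagged and result == "SUCCESS")


if __name__ == "__main__":
    hits = detect_spraying(SAMPLE_LOG)
    print("spraying sources:", hits)
    print("accounts to reset:", sprayed_accounts_that_succeeded(SAMPLE_LOG, hits))
```

In the constructed log, 10.0.0.9 fails against five different accounts in five seconds and is flagged, while 10.0.0.5 fails three times against a single account and is not. The one successful login from the flagged source (frank) is the account the spray actually got into, which is why the second function singles it out.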

How Secure is your password?

You can check whether your current passwords are strong, or whether they have already appeared in a breach. Take care with any site offering this service, as you may be handing it your password. Do not use a site that asks for your email address alongside the password it is checking, since that pairs the two together.

Two sites with a good reputation, which will not request any other personal information, are:

 www.lastpass.com/howsecure.php & www.haveibeenpwned.com
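The reason a breached-password check can be safe at all is that a well designed service never receives the password. The Pwned Passwords lookup on haveibeenpwned.com works on the first five hexadecimal characters of the password's SHA-1 hash: the browser sends only that prefix, gets back every hash suffix the service holds under it, and does the final comparison locally. The script below is an added example, not code from the guide or from haveibeenpwned.com, that walks through that scheme offline: the service's reply is replaced by a constructed response built from a small constructed breach list, so nothing is sent anywhere.

```python
"""Added example (not part of the original guide): how a password can be
checked against a breach list WITHOUT sending the password, or even its
full hash, to the checking service (the k-anonymity scheme used by the
haveibeenpwned.com Pwned Passwords lookup).

Only the first 5 hex characters of the password's SHA-1 hash are sent; the
service returns every hash suffix it holds for that prefix, and the match
is made locally. This example never touches the network: the service's
reply is replaced by a constructed response built from a small constructed
breach list, so the structure of the check can be seen end to end.
"""
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, as the lookup expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str):
    """Return (prefix, suffix): the 5 characters that leave the device and
    the 35 that never do."""
    h = sha1_hex(password)
    return h[:5], h[5:]


# Constructed stand-in for the breach corpus: password -> times seen.
# The counts are made up for this example.
CONSTRUCTED_BREACH_COUNTS = {
    "123456": 37000000,
    "password": 9000000,
    "qwerty123": 1200000,
}


def fake_range_response(prefix: str) -> str:
    """Build the text a range lookup would return for `prefix`: one
    'SUFFIX:COUNT' line per stored hash that shares the prefix.
    Stands in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = []
    for pw, count in CONSTRUCTED_BREACH_COUNTS.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_response) -> int:
    """Times `password` appears in the (constructed) breach data, 0 if it
    does not. Note that only the 5-char prefix is passed to `fetch_range`;
    the suffix comparison happens on the device."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        if not line:
            continue
        stored_suffix, count = line.split(":")
        if stored_suffix == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("123456", "PencilSpatulaGorillaNeptune"):
        prefix, _ = split_hash(pw)
        print(f"{pw!r}: prefix sent = {prefix}, seen {breach_count(pw)} times")
```

The `fetch_range` parameter is where a real client would make the web request; everything else stays on your machine. Swapping in the real service changes the counts, not the shape of the check.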

Best practices

  • Minimum of 8 characters; longer is better, but balance length against being able to remember it.
  • Ensure they are random and have no association with you (no links to family, pets or hobbies).
  • Make sure you use different passwords for different accounts.
  • Make them easy to remember but hard to guess (four random words is a good strategy, e.g. PencilSpatulaGorillaNeptune).
  • Don't write down any password; try to make them easy to remember instead.
  • Never tell anyone your password (make sure you are the only one accessing your accounts).
  • Make sure your software and devices are kept up to date.
  • Be vigilant towards other people trying to see your passwords (e.g. looking over your shoulder, recording you, etc.).
At a minimum, you should use different passwords between:

  • Financial accounts (bank, credit cards, etc.) and websites that hold your financial information
  • Business Accounts
  • Personal Accounts

The more different passwords you use, the more a single password compromise is limited to just that one account.
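The "four random words" strategy only works if the words really are random: four words you picked because they mean something to you are a personal-information password, not a random one. The script below is an added example, not part of the original guide, that picks the words with a cryptographic random generator and puts a number on the strength: bits of entropy, log2 of how many equally likely candidates an attacker has to try. The small WORDS list is constructed so the example runs stand-alone; the 7776-word figure used in the comparison is the size of the EFF long wordlist, a common choice for this technique.

```python
"""Added example (not part of the original guide): generating a
'four random words' passphrase and measuring its strength.

Strength comes from how many equally likely candidates the attacker must
try, measured in bits: log2(number of possibilities). `count` words chosen
uniformly at random from a list of N words give count * log2(N) bits;
eight characters chosen uniformly from the 94 printable ASCII characters
give 8 * log2(94), about 52 bits. These figures assume the random choice
is made by a generator, not by a person.

WORDS is a small constructed list so the example runs stand-alone; a real
list such as the EFF long wordlist has 7776 entries.
"""
import math
import secrets

WORDS = ["pencil", "spatula", "gorilla", "neptune", "copper", "harbour",
         "lantern", "velvet", "thistle", "meadow", "falcon", "granite"]


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly at random from
    an alphabet (a word list or a character set) of `alphabet_size` entries."""
    return length * math.log2(alphabet_size)


def random_passphrase(words=WORDS, count=4, rng=secrets.choice) -> str:
    """Pick `count` words uniformly at random with `rng` (secrets.choice is
    suitable for secrets; random.choice is not) and capitalise each so the
    word boundaries stay visible, e.g. PencilSpatulaGorillaNeptune."""
    return "".join(rng(words).capitalize() for _ in range(count))


def compare(word_list_size=7776, word_count=4, char_set_size=94, char_len=8):
    """Return (passphrase_bits, short_password_bits) so the guide's two
    strategies can be compared like for like: four random words from a
    7776-word list against eight fully random printable characters."""
    return (entropy_bits(word_list_size, word_count),
            entropy_bits(char_set_size, char_len))


if __name__ == "__main__":
    print("example passphrase:", random_passphrase())
    phrase_bits, short_bits = compare()
    print(f"4 random words from 7776:    {phrase_bits:.1f} bits")
    print(f"8 random printable characters: {short_bits:.1f} bits")
    print(f"4 random words from {len(WORDS)}-word list: "
          f"{entropy_bits(len(WORDS), 4):.1f} bits (list far too small)")
    print(f"5 random words from 7776:    {entropy_bits(7776, 5):.1f} bits")
```

Running it shows four random words from a 7776-word list (about 51.7 bits) land in the same range as eight fully random printable characters (about 52.4 bits), with the difference that the words can actually be remembered; a fifth word takes the passphrase to about 64.6 bits. It also shows why the list matters: four words from the tiny constructed list are worth only about 14 bits, so use a proper wordlist, not a handful of favourites.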

Password Storage / Tools

With the guidance to use a different password for everything has come the need for technology that keeps them secure and remembers them for you. The risk is that if you forget the password that unlocks the store, you may lose access to all of your passwords at once.

There are many options available, some free and some which you need to pay for.

The most common:

  • Internet browser: secure provided the browser is kept up to date (security updates applied) and the account it syncs your passwords to has a strong password.
  • Smartphone: secure provided iOS or the other operating system's updates are applied, and the device has a lock enabled (a PIN of 6 digits or more, facial recognition, fingerprint, etc.).
  • Dedicated application, e.g. LastPass or N-able Passportal: ensure you obtain these from a reputable source.
