The problem with passwords
A good password strikes a delicate balance between security and usability. If it’s too complex, people struggle to remember it and often resort to writing it down—sometimes on a sticky note stuck to the very device it protects! This completely undermines security, making it easy for anyone nearby to gain unauthorised access.
However, if a password is too simple, it becomes vulnerable to attacks. Cybercriminals can easily guess weak passwords or crack them using brute force techniques. One common method is a dictionary attack, where hackers systematically test thousands of commonly used passwords until they find a match. Even a slightly predictable pattern—such as using “Password123” or replacing letters with similar-looking numbers—won’t stop modern hacking tools from cracking a weak password in seconds.
So, what makes a good password? It should be unique, long (at least 12–16 characters), and include a mix of uppercase and lowercase letters, numbers, and symbols. Avoid common words, personal information, and easily guessable sequences. A password manager can help you generate and store strong passwords securely, removing the need to remember multiple complex logins.
Ultimately, a good password is one that keeps your accounts secure without being so difficult that you’re tempted to write it down or reuse it across multiple sites. Taking password security seriously is one of the simplest yet most effective ways to protect yourself online.
So what to do?
There are some common ways that cybercriminals might try to compromise your user accounts. Many of these relate to the passwords you use, so let’s take a look at a few of them:
They’re too obvious – so try to ensure that your password isn’t easy to guess. Despite all the advice out there, the most commonly set passwords still include ‘password’, ‘123456’, ‘qwerty’, ‘football’ and so on. Take a look at one of the many ‘top 100’ password lists to see what form the most common ones take – and avoid using anything similar yourself.
Don’t re-use them – there are disappointingly regular stories in the media about cybercriminals stealing large numbers of passwords from sites that have failed to protect them properly. If you re-use the same password across multiple sites and cybercriminals crack one site, they might try the recovered passwords on the other sites you use – so don’t re-use your passwords, and breaches like this won’t affect you quite so badly.
Keylogging – malicious software on your devices logging everything you do! In this instance, it doesn’t matter how complex your password is if you’ve handily typed it for them to steal. The best defence against keylogging is to make sure you have up-to-date anti-malware software installed and that all security updates and patches are regularly applied.
Three random words
A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example, 7greencarmonkeys36!
Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about you, so don’t use words such as your child’s name or favourite sports team, which are easy for people to guess.
Cybercriminals are very smart and know many of the simple substitutions we use, such as ‘Pa55word!’, which uses look-alike characters to replace letters.
Never use the following personal details for your password:
- Current partner’s name
- Child’s name
- Other family members’ names
- Pet’s name
- Place of birth
- Favourite holiday
- Something related to your favourite sports team
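The sketch below is an added example, not part of the original article: it shows why ‘Password123’ and ‘Pa55word!’ fail a basic screening check while a three-random-word password passes. The word lists are small constructed samples and the function names are hypothetical; a real check would load a full common-password list and a wordlist of thousands of words.

```python
import secrets
import string

# Constructed sample lists for illustration only.
COMMON = {"password", "123456", "qwerty", "football"}
WORDS = ["green", "car", "monkeys", "lamp", "river", "cactus", "violin",
         "pebble", "tractor", "marble", "window", "biscuit"]

# Look-alike substitutions that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
PADDING = string.digits + string.punctuation


def candidates(password):
    """Return the simplified forms a password effectively reduces to."""
    lower = password.lower()
    forms = {lower, lower.strip(PADDING)}          # drop leading/trailing 123, !
    forms |= {f.translate(LEET) for f in set(forms)}  # undo 5 -> s, 0 -> o, ...
    forms |= {f.strip(PADDING) for f in set(forms)}
    return forms


def weaknesses(password, personal=()):
    """List the reasons a password should be rejected (empty list = accepted)."""
    reasons = []
    if len(password) < 12:  # minimum length recommended in the article
        reasons.append("shorter than 12 characters")
    forms = candidates(password)
    if forms & COMMON:
        reasons.append("reduces to a common password")
    # personal: names, places, teams etc. supplied by the user being checked
    if any(p and p.lower() in f for p in personal for f in forms):
        reasons.append("contains a personal detail")
    return reasons


def three_random_words(count=3):
    """Pick words with a cryptographically secure random source."""
    return "".join(secrets.choice(WORDS) for _ in range(count))


if __name__ == "__main__":
    for pw in ["Password123", "Pa55word!", "7greencarmonkeys36!"]:
        print(pw, "->", weaknesses(pw) or "accepted")
    print("generated:", three_random_words())
```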
Interested in learning more?
The National Cyber Security Centre have put together some useful articles on the subject here:
https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
Ultimately it’s your choice of course, but hopefully, this article has helped to make your password choices a little bit more informed.