The art of the password


Our top tips for password management within Advice businesses

When it comes to cyber security, the password is the topic du jour. Everyone knows that a password is the most common mechanism for providing authentication. On the positive side, unlike facial and fingerprint recognition, passwords can be changed.

However, the problem with “the password” is that, through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember but easy for computers to guess.

In the old days, the quality of a password was judged mainly by its length (more characters meant more entropy), for example ‘correcthorsebatterystaple’. Now the uniqueness of a password is considered an essential element when choosing one, and conversely predictability is what makes a password easy to crack.

In other words, you want to make your password as unpredictable as possible. If you can pronounce your password, or if it includes words that commonly go together, it isn’t really a password and it will be easy to crack.

You may think your password is creative and difficult, but it would surprise you just how common the words, tricks and combinations you use actually are.

Here are the 50 most used passwords. You will want to make sure your passwords aren’t on this list as a basic minimum.


Aside from picking common words, there are other red flags that may not be as obvious when it comes to choosing a password.

We recommend, as a general guide:

  1. DO NOT use one password across various applications. If an attacker manages to compromise even one application where you have used that password, they will be able to log in to every other application where you have reused it. Often this can mean access to private, personal, professional, financial and medical data. Alarm bells anyone?
  2. DO NOT change your password routinely, or force your staff to change theirs routinely (e.g. every 90 days). This used to be seen as a good idea, the logic being that if a password were stolen, it would lose its value when the user next changed it. In reality, however, individuals end up rehashing similar versions of the same password over and over again, or, even worse, keep forgetting the latest iteration and continually need to reset it. It’s a nightmare.
  3. DO NOT use a password that is an actual word. If you can pronounce your password, it’s not a password and it will be cracked. If you want to use real words rather than a jumble of characters, use a combination of words that have no relevance or connection to each other, for example: aladdinlattetissuelipstick.
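As an added illustration (not code from the original article), the following Python script shows the two ideas above in working form: a passphrase built from randomly chosen, unrelated words, a random character password of the kind a generator produces, and a check against a denylist of the most common passwords. The word list and the denylist are constructed for the example; a real passphrase generator would draw from a list of several thousand words, and the denylist would be the full list of most-used passwords.

```python
import math
import secrets
import string

# Constructed word list for the example. A real generator uses a list of
# several thousand words so that each word contributes ~12-13 bits of entropy.
WORDLIST = [
    "aladdin", "latte", "tissue", "lipstick", "granite", "violin", "comet",
    "pickle", "harbor", "cactus", "saddle", "walnut", "lantern", "tundra",
    "pepper", "falcon", "mosaic", "orbit", "quartz", "velvet",
]

# Constructed stand-in for the "most used passwords" list (lower-cased).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "iloveyou", "admin", "welcome",
}


def random_passphrase(n_words=4, sep="", words=WORDLIST):
    """Join n_words chosen with a cryptographically secure RNG.

    secrets.choice (not random.choice) is used so the selection is not
    reproducible from a predictable seed.
    """
    return sep.join(secrets.choice(words) for _ in range(n_words))


def random_password(length=20):
    """Random password over letters, digits and punctuation."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase_entropy_bits(n_words, list_size):
    """Entropy of n_words drawn uniformly from a list of list_size words."""
    return n_words * math.log2(list_size)


def password_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def is_common(password, denylist=COMMON_PASSWORDS):
    """True if the password (case-insensitive) is on the denylist."""
    return password.lower() in denylist


if __name__ == "__main__":
    phrase = random_passphrase(4, sep="-")
    print(phrase, f"({passphrase_entropy_bits(4, len(WORDLIST)):.1f} bits "
                  "from this toy list; ~51.7 bits from a 7776-word list)")
    pw = random_password(20)
    print(pw, f"({password_entropy_bits(20, 94):.1f} bits)")
    print("password on denylist:", is_common("Password"))
```

Running it shows why the toy word list is only a demonstration: four words from twenty give about 17 bits, whereas four words from a 7776-word list give about 52 bits, and a 20-character random password gives about 131 bits.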

If you want to take some simple and easy steps when it comes to password management, make sure you ARE doing the following:

  1. DO use a password manager, for example LastPass. This way you can store all of your passwords in one place without needing to remember all of them. You only need to remember one password: your LastPass master password.
  2. DO use a strong password generator (you can find a range of them on Google) to generate a different, difficult password for each of your applications, and then store them in LastPass.
  3. DO use applications which encrypt your passwords. This means that if you forget your password, the application should not be able to tell you what it is, because it is not storing passwords in their base form.
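The third point is what an application should do on its side. As an added example (not code from the original article or from any product it mentions), here is how a service stores a password so that it can verify a login but cannot tell the user what the password was: a random salt and a slow key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library) produce a hash, and login compares hashes in constant time. The storage format string is an assumption made for this example.

```python
import hashlib
import hmac
import secrets

# Iteration count for PBKDF2-HMAC-SHA256; higher makes offline guessing slower.
ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Return a string that lets us verify the password later.

    Format (assumed for this example): pbkdf2_sha256$<iterations>$<salt>$<hash>.
    A fresh random salt means two users with the same password get different
    records, and precomputed tables cannot be reused across accounts.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking where the two hashes first differ.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def stores_plaintext(password: str, stored: str) -> bool:
    """Sanity check: the password itself must not appear in the stored record."""
    return password in stored


if __name__ == "__main__":
    record = hash_password("aladdinlattetissuelipstick")
    print(record)
    print("correct password accepted:", verify_password("aladdinlattetissuelipstick", record))
    print("wrong password rejected:", not verify_password("correcthorsebatterystaple", record))
    print("plaintext recoverable from record:", stores_plaintext("aladdinlattetissuelipstick", record))
```

Because only the salt and the derived hash are stored, a "forgotten password" flow can only issue a reset, never reveal the old value; that is the behaviour the article tells you to look for.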
