‘Create a secure password’. We’ve all heard it a hundred times by now, but what is the definition of ‘secure’ when it comes to creating a password? Creating a random password that you struggle to remember is useless. This just increases the likelihood of writing it down somewhere, diluting any ‘secure’ methods that were followed during its creation.

Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised people from accessing your devices and data.

We use passwords to access our work PCs, home laptops, mobile phones, online banking, email, to remotely access company files and portals, for social media, online shopping and so much more.

As it’s strongly recommended to use a different password for each login it can become an impossible task to remember each and every one. Using a password manager is an advisable way to get around this, but you still need a secure password to prevent unauthorised access to this account. What’s even better is a password manager with multi-factor authentication. So once you type in your password you have to pass a second security check such as fingerprint authentication on a connected mobile phone.

Top tips on creating and managing a secure password

To help you with secure password creation we’ve put together a helpful poster that can be shared around workplaces or pinned on break room notice boards. Alternatively you’re welcome to use it as a training tool to help advise individuals on how to create a secure password. Download the poster here.

Creating a password:

• Avoid using predictable passwords (family or pet names) and the most common passwords (12345, passw0rd).
• Don’t use a standard dictionary word or grammatically correct phrases, opt for random words instead (carsblueroll, instead of mycarisblue).
• Include uppercase and lowercase letters.
• Use both numbers and letters.
• Include non-alphanumeric symbols (@ £ ^ *).
• Try not to use obvious substitutions for letters (hoUS1e instead of H0use).
• Aim for 12+ characters. A longer password, if securely created, is usually harder to crack than a short one.
• Try using a memory trick to create an extra complex password. Pick a memorable phrase to you: ‘My first car was a 2002 Ford Fiesta! It cost £100 per month’. This becomes mfcwa02FF!Ic£1pm

Managing a password:

• If you think someone else knows your password, report it immediately.
• If your device comes with a default password, change it immediately.
• Don’t use the same password for multiple accounts.
• Use a password manager where possible. You may have a company issued one, and/or choose to sign up to one for personal use.
• If you’re using a ‘master’ password commit this to memory and change regularly.

How passwords can be compromised

Passwords can only do so much. Be aware of these methods of cracking a password when creating one. Ask for advice if you are in doubt of how to protect a password or suspect a password has been compromised.

• Key Logging: Installing a keylogger to intercept passwords when they are entered.
• Manual Guessing: Details such as dates of birth or pet names can be used to guess passwords.
• Shoulder Surfing: Observing someone typing in their password.
• Phishing & Coercion: Using social engineering techniques to trick people into revealing passwords. See our ‘How to Spot a Phishing Email‘ article for more info.
• Stealing Passwords: Insecurely stored passwords can be stolen, such as ones written on sticky notes and kept near (or on) devices.
• Data Breaches: Using the passwords leaked from data breaches to attack other systems.
• Password Spraying: Trying a small number of commonly-used passwords to access a large number of accounts.

Using a strong password won’t keep you secure from every threat out there but it’s a great first step to make. Talk to M-Tech for expert advice on password management and two-factor or multi-factor authentication.